Upgrading from 1.1.x would make uri fields have length=255

I don't know why, but people started following those instructions for no
apparent reason and it ended up causing a bunch of federation issues or
homegrown cron script messes.

Maybe changing the name to "another" instead of "your" domain will make
people stop doing stuff randomly.

.gitignore

@@ -1,5 +1,4 @@
 avatar/*
-background/*
 files/*
 file/*
 local/*

CONFIGURE

@@ -100,6 +100,10 @@ ssl: Whether to use SSL and https:// URLs for some or all pages.
     (don't use it for any pages), or 'sometimes' (use it for
     sensitive pages that include passwords like login and registration,
     but not for regular pages). Default to 'never'.
+sslproxy: Whether to force GNUsocial to think it is HTTPS when the
+    server gives no such information. I.e. when you're using a reverse
+    proxy that adds the encryption layer but the webserver that runs PHP
+    isn't configured with a key and certificate.
 sslserver: use an alternate server name for SSL URLs, like
     'secure.example.org'. You should be careful to set cookie
     parameters correctly so that both the SSL server and the
@@ -563,6 +567,11 @@ sslserver: if specified, this server will be used when creating HTTPS
 sslpath: if this and the sslserver are specified, this path will be used
     when creating HTTPS URLs. Otherwise, the attachments|path value
     will be used.
+show_thumbs: show thumbnails in notice lists for uploaded images, and photos
+    and videos linked remotely that provide oEmbed info. Defaults to true.
+show_html: show (filtered) text/html attachments (and oEmbed HTML etc.).
+    Doesn't affect AJAX calls. Defaults to false.
+filename_base: for new files, choose one: 'upload', 'hash'. Defaults to hash.
 
 group
 -----
@@ -601,23 +610,6 @@ handle: boolean. Whether we should register our own PHP session-handling
 debug: whether to output debugging info for session storage. Can help
     with weird session bugs, sometimes. Default false.
 
-background
-----------
-
-Users can upload backgrounds for their pages; this section defines
-their use.
-
-server: the server to use for background. Using a separate (even
-    virtual) server for this can speed up load times. Default is
-    null; same as site server.
-dir: directory to write backgrounds too. Default is '/background/'
-    subdir of install dir.
-path: path to backgrounds. Default is sub-path of install path; note
-    that you may need to change this if you change site-path too.
-sslserver: SSL server to use when page is HTTPS-encrypted. If
-    unspecified, site ssl server and so on will be used.
-sslpath: If sslserver if defined, path to use when page is HTTPS-encrypted.
-
 ping
 ----
 
@@ -627,20 +619,6 @@ notify third-party servers of updates.
 notify: an array of URLs for ping endpoints. Default is the empty
     array (no notification).
 
-design
-------
-
-Default design (colors and background) for the site. Actual appearance
-depends on the theme.  Null values mean to use the theme defaults.
-
-backgroundcolor: Hex color of the site background.
-contentcolor: Hex color of the content area background.
-sidebarcolor: Hex color of the sidebar background.
-textcolor: Hex color of all non-link text.
-linkcolor: Hex color of all links.
-backgroundimage: Image to use for the background.
-disposition: Flags for whether or not to tile the background image.
-
 notice
 ------
 

EVENTS.txt

@@ -2,6 +2,13 @@ InitializePlugin: a chance to initialize a plugin in a complete environment
 
 CleanupPlugin: a chance to cleanup a plugin at the end of a program
 
+StartActionExecute: Right before the "prepare" call of the current Action
+- $action:  the current Action object
+- &$args:   array of arguments, referenced so you can modify the array
+
+EndActionExecute:   Right after the "handle" call of the current Action
+- $action:      the current Action object
+
 StartPrimaryNav: Showing the primary nav menu
 - $action: the current action
 
@@ -608,12 +615,12 @@ EndCheckPassword: After checking a username/password pair
 - $authenticatedUser: User object if credentials match a user, else null.
 
 StartChangePassword: Before changing a password
-- $user: user
+- Profile $target: The profile of the User that is changing password
 - $oldpassword: the user's old password
 - $newpassword: the desired new password
 
 EndChangePassword: After changing a password
-- $user: user
+- Profile $target: The profile of the User that just changed its password
 
 StartHashPassword: Generate a hashed version of the password (like a salted crypt)
 - &$hashed: Hashed version of the password, later put in the database
@@ -1444,6 +1451,9 @@ StartResizeImageFile: Hook to resize an image and output it to a file. No matchi
 - $outpath:   string with output filepath
 - $box:       array with size ('width', 'height') and boundary box('x', 'y', 'w', 'h').
 
+FillImageFileMetadata: Get more metadata about the ImageFile if it is perhaps not a real local file
+- $imagefile    ImageFile object which we're getting metadata for (such as animated status, width/height etc.)
+
 StartShowAttachmentRepresentation: Attachment representation, full file (or in rare cases thumbnails/previews).
 - $out:     HTMLOutputter class to use for outputting HTML.
 - $file:    'File' object which we're going to show representation for.
@@ -1463,3 +1473,27 @@ StartNotifyMentioned: During notice distribution, we send notifications (email,
 EndNotifyMentioned: During notice distribution, we send notifications (email, im...) to the profiles who were somehow mentioned.
 - $stored:         Notice object that is being distributed.
 - $mentioned_ids:  Array of profile IDs (not just for local users) who got mentioned by the notice.
+
+StartHomeStubNavItems: Go back Home nav items. Default includes just one item 'home'
+- $out:     HTMLOutputter used to output (usually an Action, but not always!)
+- &$items:  Referenced array of items in the nav (add if desired)
+
+EndHomeStubNavItems:
+- $out:     HTMLOutputter used to output (usually an Action, but not always!)
+- $items:   array of menu items
+
+StartSubMenu: Before outputting a submenu (including enclosing tags) to HTML
+- $out:     HTMLOutputter used to output (usually an Action, but not always!)
+- $menu:    The Menu object outputted as a submenu.
+- $label:   Localized text which represents the menu item.
+
+EndSubMenu: After outputting a submenu (including enclosing tags) to HTML
+- $out:     HTMLOutputter used to output (usually an Action, but not always!)
+- $menu:    The Menu object outputted as a submenu.
+- $label:   Localized text which represents the menu item.
+
+StartDocNav: Before outputting the docs Nav
+- $nav: The DoclNav widget
+
+EndDocNav: After outputting the docs Nav
+- $nav: The DoclNav widget

INSTALL

@@ -6,13 +6,16 @@ TABLE OF CONTENTS
 * Installation
     - Getting it up and running
     - Fancy URLs
+    - Themes
+    - Private
+* Extra features
     - Sphinx
     - SMS
-    - Queues and daemons
-    - Themes
     - Translation
+    - Queues and daemons
+* After installation
     - Backups
-    - Private
+    - Upgrading
 
 Prerequisites
 =============
@@ -23,7 +26,7 @@ PHP modules
 The following software packages are *required* for this software to
 run correctly.
 
-- PHP 5.4+      For newer versions, some functions that are used may be
+- PHP 5.5+      For newer versions, some functions that are used may be
                 disabled by default, such as the pcntl_* family. See the
                 section on 'Queues and daemons' for more information.
 - MariaDB 5+    GNU Social uses, by default, a MariaDB server for data
@@ -41,9 +44,10 @@ functional setup of GNU Social:
 - php5-curl     Fetching files by HTTP.
 - php5-gd       Image manipulation (scaling).
 - php5-gmp      For Salmon signatures (part of OStatus).
+- php5-intl     Internationalization support (transliteration et al).
 - php5-json     For WebFinger lookups and more.
 - php5-mysqlnd  The native driver for PHP5 MariaDB connections. If you
-                  use MySQL, 'mysql' or 'mysqli' may work.
+                  use MySQL, 'php5-mysql' or 'php5-mysqli' may be enough.
 
 The above package names are for Debian based systems. In the case of
 Arch Linux, PHP is compiled with support for most extensions but they
@@ -68,7 +72,7 @@ For some functionality, you will also need the following extensions:
 
 You may also experience better performance from your site if you configure
 a PHP cache/accelerator. Most distributions come with "opcache" support.
-Enable it in your php.ini, it is documented there together with its settings.
+Enable it in your php.ini where it is documented together with its settings.
 
 Installation
 ============
@@ -105,11 +109,13 @@ especially if you've previously installed PHP/MariaDB packages.
    will enable "Fancy URL" support, which you can read more about if you
    scroll down a bit in this document.
 
-3. Make your target directory writeable by the Web server.
+3. Make your target directory writeable by the Web server, please note
+   however that 'a+w' will give _all_ users write access and securing the
+   webserver is not within the scope of this document.
 
        chmod a+w /var/www/gnusocial/
 
-   On some systems, this will probably work:
+   On some systems, this will work as a more secure alternative:
 
        chgrp www-data /var/www/gnusocial/
        chmod g+w /var/www/gnusocial/
@@ -118,21 +124,20 @@ especially if you've previously installed PHP/MariaDB packages.
    that user's default group instead. As a last resort, you can create
    a new group like "gnusocial" and add the Web server's user to the group.
 
-4. You should also take this moment to make your avatar, background, and
+4. You should also take this moment to make your 'avatar' and 'file' sub-
-   file subdirectories writeable by the Web server. An insecure way to do
+   directories writeable by the Web server. The _insecure_ way to do
    this is:
 
        chmod a+w /var/www/gnusocial/avatar
-       chmod a+w /var/www/gnusocial/background
        chmod a+w /var/www/gnusocial/file
 
-   You can also make the avatar, background, and file directories
+   You can also make the avatar, and file directories just writable by
-   writeable by the Web server group, as noted above.
+   the Web server group, as noted above.
 
 5. Create a database to hold your site data. Something like this
-   should work:
+   should work (you will be prompted for your database password):
 
-       mysqladmin -u "root" --password="rootpassword" create gnusocial
+       mysqladmin -u "root" -p create social
 
    Note that GNU Social should have its own database; you should not share
    the database with another program. You can name it whatever you want,
@@ -146,17 +151,17 @@ especially if you've previously installed PHP/MariaDB packages.
    database. If you have shell access, this will probably work from the
    MariaDB shell:
 
-       GRANT ALL on gnusocial.*
+       GRANT ALL on social.*
-       TO 'gnusocial'@'localhost'
+       TO 'social'@'localhost'
        IDENTIFIED BY 'agoodpassword';
 
-   You should change the user identifier 'gnusocial' and 'agoodpassword'
+   You should change the user identifier 'social' and 'agoodpassword'
    to your preferred new database username and password. You may want to
    test logging in to MariaDB as this new user.
 
 7. In a browser, navigate to the GNU Social install script; something like:
 
-       http://social.example.net/install.php
+       https://social.example.net/install.php
 
    Enter the database connection information and your site name. The
    install program will configure your site and install the initial,
@@ -170,55 +175,102 @@ Fancy URLs
 ----------
 
 By default, GNU Social will use URLs that include the main PHP program's
-name in them. For example, a user's home profile might be found at:
+name in them. For example, a user's home profile might be found at either
+of these URLS depending on the webserver's configuration and capabilities:
 
-    http://example.net/gnusocial/index.php/gnusocial/fred
+    https://social.example.net/index.php/fred
+    https://social.example.net/index.php?p=fred
 
-On certain systems that don't support this kind of syntax, they'll
+It's possible to configure the software to use fancy URLs so it looks like
-look like this:
+this instead:
 
-    http://example.net/gnusocial/index.php?p=gnusocial/fred
+    https://social.example.net/fred
-
-It's possible to configure the software so it looks like this instead:
-
-    http://example.net/gnusocial/fred
 
 These "fancy URLs" are more readable and memorable for users. To use
 fancy URLs, you must either have Apache 2.x with .htaccess enabled and
 mod_rewrite enabled, -OR- know how to configure "url redirection" in
 your server (like lighttpd or nginx).
 
-1. Copy the htaccess.sample file to .htaccess in your StatusNet
+1. See the instructions for each respective webserver software:
-   directory.
+    * For Apache, inspect the "htaccess.sample" file and save it as
-
+        ".htaccess" after making any necessary modifications. Our sample
-2. Change the "RewriteBase" in the new .htaccess file to be the URL path
+        file is well commented. 
-   to your GNU Social installation on your server. Typically this will
+    * For lighttpd, inspect the lighttpd.conf.example file and apply the
-   be the path to your GNU Social directory relative to your Web root.
+        appropriate changes in your virtualhost configuration for lighttpd.
-   If you are installing it in the root directory, leave it as '/'.
+    * For nginx, inspect the nginx.conf.sample file and apply the appropriate
-
+        changes.
-3. Add, uncomment or change a line in your config.php file so it says:
+    * For other webservers, we gladly accept contributions of
+        server configuration examples.
 
+2. Assuming your webserver is properly configured and have its settings
+    applied (remember to reload/restart it), you can add this to your
+    GNU social's config.php file: 
        $config['site']['fancy'] = true;
 
 You should now be able to navigate to a "fancy" URL on your server,
 like:
 
-    http://example.net/gnusocial/main/register
+    https://social.example.net/main/register
 
-If you changed your HTTP server configuration, you may need to restart
+Themes
-the server first.
+------
 
-If it doesn't work, double-check that AllowOverride for the GNU Social
+As of right now, your ability change the theme is limited to CSS
-directory is 'All' in your Apache configuration file. This is usually
+stylesheets and some image files; you can't change the HTML output,
-/etc/httpd.conf, /etc/apache/httpd.conf, or (on Debian and Ubuntu)
+like adding or removing menu items, without the help of a plugin.
-/etc/apache2/sites-available/default. See the Apache documentation for
-.htaccess files for more details:
 
-    http://httpd.apache.org/docs/2.2/howto/htaccess.html
+You can choose a theme using the $config['site']['theme'] element in
+the config.php file. See below for details.
 
-Also, check that mod_rewrite is installed and enabled:
+You can add your own theme by making a sub-directory of the 'theme'
+subdirectory with the name of your theme. Each theme can have the
+following files:
 
-    http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
+display.css: a CSS2 file for "default" styling for all browsers.
+logo.png: a logo image for the site.
+default-avatar-profile.png: a 96x96 pixel image to use as the avatar for
+    users who don't upload their own.
+default-avatar-stream.png: Ditto, but 48x48. For streams of notices.
+default-avatar-mini.png: Ditto ditto, but 24x24. For subscriptions
+    listing on profile pages.
+
+You may want to start by copying the files from the default theme to
+your own directory.
+
+Private
+-------
+
+A GNU social node can be configured as "private", which means it will not
+federate with other nodes in the network. It is not a recommended method
+of using GNU social and we cannot at the current state of development
+guarantee that there are no leaks (what a public network sees as features,
+private sites will likely see as bugs). 
+
+Private nodes are however an easy way to easily setup collaboration and
+image sharing within a workgroup or a smaller community where federation
+is not a desired feature. Also, it is possible to change this setting and
+instantly gain full federation features.
+
+Access to file attachments can also be restricted to logged-in users only:
+
+1. Add a directory outside the web root where your file uploads will be
+   stored. Use this command as an initial guideline to create it:
+
+       mkdir /var/www/gnusocial-files
+
+2. Make the file uploads directory writeable by the web server. An
+   insecure way to do this is (to do it properly, read up on UNIX file
+   permissions and configure your webserver accordingly):
+
+       chmod a+x /var/www/gnusocial-files
+
+3. Tell GNU social to use this directory for file uploads. Add a line
+   like this to your config.php:
+
+       $config['attachments']['dir'] = '/var/www/gnusocial-files';
+
+Extra features
+==============
 
 Sphinx
 ------
@@ -283,7 +335,21 @@ For this to work, there *must* be a domain or sub-domain for which all
 
        $config['mail']['domain'] = 'yourdomain.example.net';
 
+Translations
+------------
 
+For info on helping with translations, see the platform currently in use
+for translations: https://www.transifex.com/projects/p/gnu-social/
+
+Translations use the gettext system <http://www.gnu.org/software/gettext/>.
+If you for some reason do not wish to sign up to the Transifex service,
+you can review the files in the "locale/" sub-directory of GNU social.
+Each plugin also has its own translation files.
+
+To get your own site to use all the translated languages, and you are
+tracking the git repo, you will need to install at least 'gettext' on
+your system and then run:
+    $ make translations
 
 Queues and daemons
 ------------------
@@ -300,12 +366,12 @@ Two mechanisms are available to achieve offline operations:
 ### OpportunisticQM plugin
 
 This plugin is enabled by default. It tries its best to do background
-job during regular HTTP requests, like API or HTML pages calls.
+jobs during regular HTTP requests, like API or HTML pages calls.
 
 Since queueing system is enabled by default, notices to be broadcasted
 will be stored, by default, into DB (table queue_item).
 
-Each time it can, OpportunisticQM will try to handle some of them.
+Whenever it has time, OpportunisticQM will try to handle some of them.
 
 This is a good solution whether you:
 
@@ -345,16 +411,13 @@ separate server is probably a good idea for high-volume sites.
    .htaccess file, but make sure that your config.php file is close
    to, or identical to, your Web server's version.
 
-3. In your config.php files (both the Web server and the queues
+3. In your config.php files (on the server where you run the queue
-   server!), set the following variable:
+    daemon), set the following variable:
 
-       $config['queue']['enabled'] = true;
        $config['queue']['daemon'] = true;
 
-   You may also want to look at the 'daemon' section of this file for
+   You may also want to look at the 'Queues and Daemons' section in
-   more daemon options. Note that if you set the 'user' and/or 'group'
+   this file for more background processing options.
-   options, you'll need to create that user and/or group by hand.
-   They're not created automatically.
 
 4. On the queues server, run the command scripts/startdaemons.sh.
 
@@ -384,85 +447,20 @@ It is also possible to use a STOMP server instead of our kind of hacky
 home-grown DB-based queue solution. This is strongly recommended for
 best response time, especially when using XMPP.
 
-Themes
+After installation
-------
+==================
-
-Older themes (version 0.9.x and below) no longer work with StatusNet
-1.0.x, due to major changes in the site layout. We ship with three new
-themes for this version, 'neo', 'neo-blue' and 'neo-light'.
-
-As of right now, your ability to change the theme is site-wide; users
-can't choose their own theme. Additionally, the only thing you can
-change in the theme is CSS stylesheets and some image files; you can't
-change the HTML output, like adding or removing menu items.
-
-You can choose a theme using the $config['site']['theme'] element in
-the config.php file. See below for details.
-
-You can add your own theme by making a sub-directory of the 'theme'
-subdirectory with the name of your theme. Each theme can have the
-following files:
-
-display.css: a CSS2 file for "default" styling for all browsers.
-logo.png: a logo image for the site.
-default-avatar-profile.png: a 96x96 pixel image to use as the avatar for
-    users who don't upload their own.
-default-avatar-stream.png: Ditto, but 48x48. For streams of notices.
-default-avatar-mini.png: Ditto ditto, but 24x24. For subscriptions
-    listing on profile pages.
-
-You may want to start by copying the files from the default theme to
-your own directory.
-
-Translation
------------
-
-Translations in StatusNet use the gettext system <http://www.gnu.org/software/gettext/>.
-Theoretically, you can add your own sub-directory to the locale/
-subdirectory to add a new language to your system. You'll need to
-compile the ".po" files into ".mo" files, however.
-
-Contributions of translation information to StatusNet are very easy:
-you can use the Web interface at translatewiki.net to add one
-or a few or lots of new translations -- or even new languages. You can
-also download more up-to-date .po files there, if you so desire.
-
-For info on helping with translations, see http://status.net/wiki/Translations
 
 Backups
 -------
 
-There is no built-in system for doing backups in StatusNet. You can make
+There is no built-in system for doing backups in GNU social. You can make
 backups of a working StatusNet system by backing up the database and
-the Web directory. To backup the database use mysqldump <http://ur1.ca/7xo>
+the Web directory. To backup the database use mysqldump <https://mariadb.com/kb/en/mariadb/mysqldump/>
 and to backup the Web directory, try tar.
 
-Private
+Upgrading
--------
+---------
 
-The administrator can set the "private" flag for a site so that it's
+Upgrading is strongly recommended to stay up to date with security fixes
-not visible to non-logged-in users. (This is the default for new installs of version 1.0!)
+and new features. For instructions on how to upgrade GNU social code,
-
+please see the UPGRADE file.
-This might be useful for workgroups who want to share a social
-networking site for project management, but host it on a public
-server.
-
-Total privacy is attempted but not guaranteed or ensured. Private sites
-currently don't work well with OStatus federation.
-
-Access to file attachments can also be restricted to logged-in users only.
-
-1. Add a directory outside the web root where your file uploads will be
-   stored. Usually a command like this will work:
-
-       mkdir /var/www/statusnet-files
-
-2. Make the file uploads directory writeable by the web server. An
-   insecure way to do this is:
-
-       chmod a+x /var/www/statusnet-files
-
-3. Tell StatusNet to use this directory for file uploads. Add a line
-   like this to your config.php:
-
-       $config['attachments']['dir'] = '/var/www/statusnet-files';

PLUGINS.txt

@@ -1,7 +1,7 @@
 Plugins
 =======
 
-Beginning with the 0.7.x branch, StatusNet has supported a simple but
+GNU social supports a simple but
 powerful plugin architecture. Important events in the code are named,
 like 'StartNoticeSave', and other software can register interest
 in those events. When the events happen, the other software is called
@@ -37,7 +37,7 @@ can enable a plugin with the following line in config.php:
 
 This will look for and load files named 'ExamplePlugin.php' or
 'Example/ExamplePlugin.php' either in the plugins/ directory (for
-plugins that ship with StatusNet) or in the local/ directory (for
+plugins that ship with GNU social) or in the local/ directory (for
 plugins you write yourself or that you get from somewhere else) or
 local/plugins/.
 

README.md

@@ -1,5 +1,5 @@
-# GNU social 1.1.3
+# GNU social 1.2.x
-February 2015-02-27
+2015
 
 (c) Free Software Foundation, Inc
 (c) StatusNet, Inc
@@ -100,15 +100,19 @@ for additional terms.
 
 ## New this version
 
-This is a security fix and bug fix release since 1.1.3-beta2.
+This is the development branch for the 1.2.x version of GNU social.
-All 1.1.x sites should upgrade to this version.
+All daring 1.1.x admins should upgrade to this version.
 
 So far it includes the following changes:
 
+- Backing up a user's account is more and more complete.
+- Emojis 😸 (utf8mb4 support)
+
+The last release, 1.1.3, gave us these improvements:
+
 - XSS security fix (thanks Simon Waters, <https://www.surevine.com/>)
 - Many improvements to ease adoption of the Qvitter front-end <https://github.com/hannesmannerheim/qvitter>
 - Protocol adaptions for improved performance and stability
-- Backing up a user's account now appears to work as it should
 
 Upgrades from _StatusNet_ 1.1.1 will also experience these improvements:
 
@@ -140,13 +144,13 @@ to install the development version of GNU social.
 To get it, use the git version control tool
 <http://git-scm.com/> like so:
 
-    git clone git@gitorious.org:social/mainline.git
+    git clone git@git.gnu.io:gnu/gnu-social.git
 
 In the current phase of development it is probably
 recommended to use git as a means to stay up to date
 with the source code. You can choose between these
 branches:
-- 1.1.x     "stable", few updates, well tested code
+- 1.2.x     "stable", few updates, well tested code
 - master    "testing", more updates, usually working well
 - nightly   "unstable", most updates, not always working
 
@@ -162,8 +166,8 @@ There are several ways to get more information about GNU social.
 * Following us on GNU social -- <https://quitter.se/gnusocial>
 
 * GNU social has a bug tracker for any defects you may find, or ideas for
-  making things better. <https://bugz.foocorp.net/>
+  making things better. <https://git.gnu.io/gnu/gnu-social/issues/>
-* Patches are welcome, preferrably to our repository on Gitorious. <https://gitorious.org/social/mainline>
+* Patches are welcome, preferrably to our repository on git.gnu.io. <https://git.gnu.io/gnu/gnu-social>
 
 Credits
 =======

UPGRADE

@@ -1,99 +1,97 @@
 Upgrading
 =========
 
-StatusNet 1.1.1 to GNU social
+GNU social 1.1.x to GNU social 1.2.x
------------------------------
+------------------------------------
+
+If you are tracking the GNU social git repository, we currently recommend
+using the "master" branch (or nightly if you want to use latest features)
+and follow this procedure: 
+
+0. Backup your data. The StatusNet upgrade discussions below have some
+    guidelines to back up the database and files (mysqldump and rsync).
+
+1. Stop your queue daemons (you can run this command even if you do not
+    use the queue daemons):
+    $ bash scripts/stopdaemons.sh
+
+2. Run the command to fetch the latest sourcecode:
+    $ git pull
+    
+    If you are not using git we recommend following the instructions below
+    for upgrading "StatusNet 1.1.x to GNU social 1.2.x" as they are similar.
+
+3. Run the upgrade script:
+    $ php scripts/upgrade.php
+
+   The upgrade script will likely take a long time because it will
+    upgrade the tables to another character encoding and make other
+    automated upgrades. Make sure it ends without errors. If you get
+    errors, create a new task on https://git.gnu.io/gnu/gnu-social/issues
+
+4. Start your queue daemons again (you can run this command even if you
+    do not use the queue daemons):
+    $ bash scripts/startdaemons.sh
+
+5. Report any issues at https://git.gnu.io/gnu/gnu-social/issues
+
+If you are using ssh keys to log in to your server, you can make this
+procedure pretty painless (assuming you have automated backups already).
+Make sure you "cd" into the correct directory (in this case "htdocs")
+and use the correct login@hostname combo:
+    $ ssh social@domain.example 'cd htdocs
+            && bash scripts/stopdaemons.sh
+            && git pull
+            && time php scripts/upgrade.php
+            && bash scripts/startdaemons.sh'
+
+StatusNet 1.1.x to GNU social 1.2.x
+-----------------------------------
 
 We cannot support migrating from any other version of StatusNet than 
 1.1.1. If you are running a StatusNet version lower than this, please 
 follow the upgrade procedures for each respective StatusNet version.
 
-You are now running StatusNet 1.1.1 and want to migrate to GNU social.
+You are now running StatusNet 1.1.1 and want to migrate to GNU social
-Beware there may be changes in minimum required version of PHP and the
+1.2.x. Beware there may be changes in minimum required version of PHP
-modules used, so double-check the INSTALL file's requirements list.
+and the modules required, so review the INSTALL file (php5-intl is a
+newly added dependency for example).
 
-Before you begin: Make backups. Always make backups. Of your entire 
+* Before you begin: Make backups. Always make backups. Of your entire 
 directory structure and the database too. All tables. All data. Alles.
 
-    0. Stop your queue daemons 'php scripts/stopdaemon.php' should do it.
+0. Make a backup of everything. To backup the database, you can use a
+variant of this command (you will be prompted for the database password):
+    $ mysqldump -u dbuser -p dbname > social-backup.sql
+
+1. Stop your queue daemons 'bash scripts/stopdaemons.sh' should do it.
     Not everyone runs queue daemons, but the above command won't hurt.
 
-    1. Unpack your GNU social code to a fresh directory.
+2. Unpack your GNU social code to a fresh directory. You can do this
+    by cloning our git repository:
+    $ git clone https://git.gnu.io/gnu/gnu-social.git gnusocial
 
-    2. Synchronize your local files to the GNU social directory. These 
+3. Synchronize your local files to the GNU social directory. These 
     will be the local files such as avatars, config and files:
 
         avatar/*
-            background/*
         file/*
         local/*
         .htaccess
         config.php
 
-    3. Replace your old StatusNet directory with the new GNU social
+    This command will point you in the right direction on how to do it:
+    $ rsync -avP statusnet/{.htaccess,avatar,file,local,config.php} gnusocial/
+
+4. Replace your old StatusNet directory with the new GNU social
     directory in your webserver root.
 
-    4. Run the upgrade script: 'php scripts/upgrade.php'
+5. Run the upgrade script: 'php scripts/upgrade.php'
+   The upgrade script will likely take a long time because it will
+    upgrade the tables to another character encoding and make other
+    automated upgrades. Make sure it ends without errors. If you get
+    errors, create a new task on https://git.gnu.io/gnu/gnu-social/issues
 
-    5. Start your queue daemons: 'php scripts/startdaemons.php'
+6. Start your queue daemons: 'bash scripts/startdaemons.sh'
 
-    6. Report any issues at https://bugz.foocorp.net/ (tag GNU social)
+7. Report any issues at https://git.gnu.io/gnu/gnu-social/issues
-
-
-Legacy StatusNet instructions
------------------------------
-
-These instructions are here for historical and perhaps informational
-purposes.
-
-If you've been using StatusNet 1.0 or lower, or if you've
-been tracking the "git" version of the software, you will probably
-want to upgrade and keep your existing data. Try these step-by-step
-instructions; read to the end first before trying them.
-
-0. Download StatusNet and set up all the prerequisites as if you were
-   doing a new install.
-1. Make backups of both your database and your Web directory. UNDER NO
-   CIRCUMSTANCES should you try to do an upgrade without a known-good
-   backup. You have been warned.
-2. Shut down Web access to your site, either by turning off your Web
-   server or by redirecting all pages to a "sorry, under maintenance"
-   page.
-3. Shut down XMPP access to your site, typically by shutting down the
-   xmppdaemon.php process and all other daemons that you're running.
-   If you've got "monit" or "cron" automatically restarting your
-   daemons, make sure to turn that off, too.
-4. Shut down SMS and email access to your site. The easy way to do
-   this is to comment out the line piping incoming email to your
-   maildaemon.php file, and running something like "newaliases".
-5. Once all writing processes to your site are turned off, make a
-   final backup of the Web directory and database.
-6. Move your StatusNet directory to a backup spot, like "statusnet.bak".
-7. Unpack your StatusNet 1.1.1 tarball and move it to "statusnet" or
-   wherever your code used to be.
-8. Copy the config.php file and the contents of the avatar/, background/,
-   file/, and local/ subdirectories from your old directory to your new
-   directory.
-9. Copy htaccess.sample to .htaccess in the new directory. Change the
-   RewriteBase to use the correct path.
-10. Upgrade the database.
-
-    NOTE: this step is destructive and cannot be
-    reversed. YOU CAN EASILY DESTROY YOUR SITE WITH THIS STEP. Don't
-    do it without a known-good backup!
-
-    In your new StatusNet 1.1.1 directory and AFTER YOU MAKE A
-    BACKUP run the upgrade.php script like this:
-
-        php ./scripts/upgrade.php
-
-11. Use mysql or psql client to log into your database and make sure that
-    the notice, user, profile, subscription etc. tables are non-empty.
-12. Turn back on the Web server, and check that things still work.
-13. Turn back on XMPP bots and email maildaemon.
-
-NOTE: the 1.0.0 version of StatusNet changed the URLs for all admin
-panels from /admin/* to /panel/*. This now allows the (popular)
-username 'admin', but blocks the considerably less popular username
-'panel'. If you have an existing user named 'panel', you should rename
-them before upgrading.

actions/all.php

@@ -35,38 +35,24 @@
  * @link     http://status.net
  */
 
-if (!defined('GNUSOCIAL') && !defined('STATUSNET')) { exit(1); }
+if (!defined('GNUSOCIAL')) { exit(1); }
 
-class AllAction extends ProfileAction
+class AllAction extends ShowstreamAction
 {
-    var $notice;
+    public function getStream()
-
-    protected function prepare(array $args=array())
     {
-        parent::prepare($args);
+        if ($this->scoped instanceof Profile && $this->scoped->isLocal() && $this->scoped->getUser()->streamModeOnly()) {
-
-        $user = common_current_user();
-
-        if (!empty($user) && $user->streamModeOnly()) {
             $stream = new InboxNoticeStream($this->target, $this->scoped);
         } else {
             $stream = new ThreadingInboxNoticeStream($this->target, $this->scoped);
         }
 
-        $this->notice = $stream->getNotices(($this->page-1)*NOTICES_PER_PAGE,
+        return $stream;
-                                            NOTICES_PER_PAGE + 1);
-
-        if ($this->page > 1 && $this->notice->N == 0) {
-            // TRANS: Client error when page not found (404).
-            $this->clientError(_('No such page.'), 404);
-        }
-
-        return true;
     }
 
     function title()
     {
-        if (!empty($this->scoped) && $this->scoped->id == $this->target->id) {
+        if (!empty($this->scoped) && $this->scoped->sameAs($this->target)) {
             // TRANS: Title of a user's own start page.
             return _('Home timeline');
         } else {
@@ -83,44 +69,44 @@ class AllAction extends ProfileAction
                 common_local_url(
                     'ApiTimelineFriends', array(
                         'format' => 'as',
-                        'id' => $this->target->nickname
+                        'id' => $this->target->getNickname()
                     )
                 ),
                 // TRANS: %s is user nickname.
-                sprintf(_('Feed for friends of %s (Activity Streams JSON)'), $this->target->nickname)),
+                sprintf(_('Feed for friends of %s (Activity Streams JSON)'), $this->target->getNickname())),
             new Feed(Feed::RSS1,
                 common_local_url(
                     'allrss', array(
                         'nickname' =>
-                        $this->target->nickname)
+                        $this->target->getNickname())
                 ),
                 // TRANS: %s is user nickname.
-                sprintf(_('Feed for friends of %s (RSS 1.0)'), $this->target->nickname)),
+                sprintf(_('Feed for friends of %s (RSS 1.0)'), $this->target->getNickname())),
             new Feed(Feed::RSS2,
                 common_local_url(
                     'ApiTimelineFriends', array(
                         'format' => 'rss',
-                        'id' => $this->target->nickname
+                        'id' => $this->target->getNickname()
                     )
                 ),
                 // TRANS: %s is user nickname.
-                sprintf(_('Feed for friends of %s (RSS 2.0)'), $this->target->nickname)),
+                sprintf(_('Feed for friends of %s (RSS 2.0)'), $this->target->getNickname())),
             new Feed(Feed::ATOM,
                 common_local_url(
                     'ApiTimelineFriends', array(
                         'format' => 'atom',
-                        'id' => $this->target->nickname
+                        'id' => $this->target->getNickname()
                     )
                 ),
                 // TRANS: %s is user nickname.
-                sprintf(_('Feed for friends of %s (Atom)'), $this->target->nickname))
+                sprintf(_('Feed for friends of %s (Atom)'), $this->target->getNickname()))
         );
     }
 
     function showEmptyListMessage()
     {
         // TRANS: Empty list message. %s is a user nickname.
-        $message = sprintf(_('This is the timeline for %s and friends but no one has posted anything yet.'), $this->target->nickname) . ' ';
+        $message = sprintf(_('This is the timeline for %s and friends but no one has posted anything yet.'), $this->target->getNickname()) . ' ';
 
         if (common_logged_in()) {
             if ($this->target->id === $this->scoped->id) {
@@ -130,12 +116,12 @@ class AllAction extends ProfileAction
             } else {
                 // TRANS: %1$s is user nickname, %2$s is user nickname, %2$s is user nickname prefixed with "@".
                 // TRANS: This message contains Markdown links. Keep "](" together.
-                $message .= sprintf(_('You can try to [nudge %1$s](../%2$s) from their profile or [post something to them](%%%%action.newnotice%%%%?status_textarea=%3$s).'), $this->target->nickname, $this->target->nickname, '@' . $this->target->nickname);
+                $message .= sprintf(_('You can try to [nudge %1$s](../%2$s) from their profile or [post something to them](%%%%action.newnotice%%%%?status_textarea=%3$s).'), $this->target->getNickname(), $this->target->getNickname(), '@' . $this->target->getNickname());
             }
         } else {
             // TRANS: Encouragement displayed on empty timeline user pages for anonymous users.
             // TRANS: %s is a user nickname. This message contains Markdown links. Keep "](" together.
-            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to them.'), $this->target->nickname);
+            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to them.'), $this->target->getNickname());
         }
 
         $this->elementStart('div', 'guide');
@@ -146,19 +132,10 @@ class AllAction extends ProfileAction
     function showContent()
     {
         if (Event::handle('StartShowAllContent', array($this))) {
-
+            if ($this->scoped instanceof Profile && $this->scoped->isLocal() && $this->scoped->getUser()->streamModeOnly()) {
-            $profile = null;
-
-            $current_user = common_current_user();
-
-            if (!empty($current_user)) {
-                $profile = $current_user->getProfile();
-            }
-
-            if (!empty($current_user) && $current_user->streamModeOnly()) {
                 $nl = new PrimaryNoticeList($this->notice, $this, array('show_n'=>NOTICES_PER_PAGE));
             } else {
-                $nl = new ThreadedNoticeList($this->notice, $this, $profile);
+                $nl = new ThreadedNoticeList($this->notice, $this, $this->scoped);
             }
 
             $cnt = $nl->show();
@@ -169,7 +146,7 @@ class AllAction extends ProfileAction
 
             $this->pagination(
                 $this->page > 1, $cnt > NOTICES_PER_PAGE,
-                $this->page, 'all', array('nickname' => $this->target->nickname)
+                $this->page, 'all', array('nickname' => $this->target->getNickname())
             );
 
             Event::handle('EndShowAllContent', array($this));

actions/allrss.php

@@ -28,11 +28,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once INSTALLDIR.'/lib/rssaction.php';
 
 /**
  * RSS feed for user and friends timeline.
@@ -46,52 +42,12 @@ require_once INSTALLDIR.'/lib/rssaction.php';
  * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
  * @link     http://status.net/
  */
-class AllrssAction extends Rss10Action
+class AllrssAction extends TargetedRss10Action
 {
-    var $user = null;
+    protected function getNotices()
-
-    /**
-     * Initialization.
-     *
-     * @param array $args Web and URL arguments
-     *
-     * @return boolean false if user doesn't exist
-     *
-     */
-    function prepare($args)
     {
-        parent::prepare($args);
+        $stream = new InboxNoticeStream($this->target);
-        $nickname   = $this->trimmed('nickname');
+        return $stream->getNotices(0, $this->limit)->fetchAll();
-        $this->user = User::getKV('nickname', $nickname);
-
-        if (!$this->user) {
-            // TRANS: Client error when user not found for an rss related action.
-            $this->clientError(_('No such user.'));
-        } else {
-            $this->notices = $this->getNotices($this->limit);
-            return true;
-        }
-    }
-
-    /**
-     * Get notices
-     *
-     * @param integer $limit max number of notices to return
-     *
-     * @return array notices
-     */
-    function getNotices($limit=0)
-    {
-        $stream = new InboxNoticeStream($this->user->getProfile());
-        $notice = $stream->getNotices(0, $limit, null, null);
-
-        $notices = array();
-
-        while ($notice->fetch()) {
-            $notices[] = clone($notice);
-        }
-
-        return $notices;
     }
 
      /**
@@ -101,33 +57,17 @@ class AllrssAction extends Rss10Action
      */
     function getChannel()
     {
-        $user = $this->user;
         $c    = array('url' => common_local_url('allrss',
                                              array('nickname' =>
-                                                   $user->nickname)),
+                                                   $this->target->getNickname())),
                    // TRANS: Message is used as link title. %s is a user nickname.
-                   'title' => sprintf(_('%s and friends'), $user->nickname),
+                   'title' => sprintf(_('%s and friends'), $this->target->getNickname()),
                    'link' => common_local_url('all',
                                              array('nickname' =>
-                                                   $user->nickname)),
+                                                   $this->target->getNickname())),
                    // TRANS: Message is used as link description. %1$s is a username, %2$s is a site name.
                    'description' => sprintf(_('Updates from %1$s and friends on %2$s!'),
-                                            $user->nickname, common_config('site', 'name')));
+                                            $this->target->getNickname(), common_config('site', 'name')));
         return $c;
     }
-
-    /**
-     * Get image.
-     *
-     * @return string user avatar URL or null
-     */
-    function getImage()
-    {
-        $user    = $this->user;
-        $profile = $user->getProfile();
-        if (!$profile) {
-            return null;
-        }
-        return $profile->avatarUrl(AVATAR_PROFILE_SIZE);
-    }
 }

actions/apiaccountratelimitstatus.php

@@ -31,9 +31,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * We don't have a rate limit, but some clients check this method.
@@ -58,9 +56,9 @@ class ApiAccountRateLimitStatusAction extends ApiBareAuthAction
      *
      * @return void
      */
-    function handle($args)
+    protected function handle()
     {
-        parent::handle($args);
+        parent::handle();
 
         if (!in_array($this->format, array('xml', 'json'))) {
             $this->clientError(
@@ -69,7 +67,6 @@ class ApiAccountRateLimitStatusAction extends ApiBareAuthAction
                 404,
                 $this->format
             );
-            return;
         }
 
         $reset   = new DateTime();

actions/apiaccountregister.php

@@ -1,5 +1,4 @@
 <?php
-        
 /**
  * StatusNet, the distributed open-source microblogging tool
  *
@@ -132,9 +131,6 @@ class ApiAccountRegisterAction extends ApiAction
                    !common_valid_http_url($homepage)) {
             // TRANS: Form validation error displayed when trying to register with an invalid homepage URL.
 	        $this->clientError(_('Homepage is not a valid URL.'), 400);
-        } else if (!is_null($fullname) && mb_strlen($fullname) > 255) {
-            // TRANS: Form validation error displayed when trying to register with a too long full name.
-	        $this->clientError(_('Full name is too long (maximum 255 characters).'), 400);
         } else if (Profile::bioTooLong($bio)) {
             // TRANS: Form validation error on registration page when providing too long a bio text.
             // TRANS: %d is the maximum number of characters for bio; used for plural.
@@ -142,9 +138,6 @@ class ApiAccountRegisterAction extends ApiAction
                                        'Bio is too long (maximum %d characters).',
                                        Profile::maxBio()),
                                        Profile::maxBio()), 400);
-        } else if (!is_null($location) && mb_strlen($location) > 255) {
-            // TRANS: Form validation error displayed when trying to register with a too long location.
-	        $this->clientError(_('Location is too long (maximum 255 characters).'), 400);
         } else if (strlen($password) < 6) {
             // TRANS: Form validation error displayed when trying to register with too short a password.
 	        $this->clientError(_('Password must be 6 or more characters.'), 400);
@@ -156,28 +149,25 @@ class ApiAccountRegisterAction extends ApiAction
             // annoy spammers
             sleep(7);
             
-	    	if ($user = User::register(array('nickname' => $nickname,
+			if (Event::handle('APIStartRegistrationTry', array($this))) { 
+				try {
+					$user = User::register(array('nickname' => $nickname,
 														'password' => $password,
 														'email' => $email,
 														'fullname' => $fullname,
 														'homepage' => $homepage,
 														'bio' => $bio,
 														'location' => $location,
-	                                                'code' => $this->code))) {
+														'code' => $this->code));
-	            if (!$user instanceof User) {
-	                // TRANS: Form validation error displayed when trying to register with an invalid username or password.
-	                $this->clientError(_('Invalid username or password.'), 400);
-	            }
-
 					Event::handle('EndRegistrationTry', array($this));
 
 					$this->initDocument('json');
 					$this->showJsonObjects($this->twitterUserArray($user->getProfile()));
 					$this->endDocument('json');
 
-	        } else {
+				} catch (Exception $e) {
-	            // TRANS: Form validation error displayed when trying to register with an invalid username or password.
+					$this->clientError($e->getMessage(), 400);
-	        	$this->clientError(_('Invalid username or password.'), 400);
+				}			
 			}
         }
     }

actions/apiaccountupdateprofile.php

@@ -96,21 +96,12 @@ class ApiAccountUpdateProfileAction extends ApiAuthAction
 
         $original = clone($profile);
 
-        if (!empty($this->name)) {
         $profile->fullname = $this->name;
-        }
-
-        if (!empty($this->url)) {
         $profile->homepage = $this->url;
-        }
-
-        if (!empty($this->description)) {
         $profile->bio = $this->description;
-        }
-
-        if (!empty($this->location)) {
         $profile->location = $this->location;
 
+        if (!empty($this->location)) {
             $loc = Location::fromName($this->location);
 
             if (!empty($loc)) {
@@ -119,6 +110,12 @@ class ApiAccountUpdateProfileAction extends ApiAuthAction
                 $profile->location_id = $loc->location_id;
                 $profile->location_ns = $loc->location_ns;
             }
+        } else {
+            // location is empty so reset the extrapolated information too
+            $profile->lat = '';
+            $profile->lon = '';
+            $profile->location_id = '';
+            $profile->location_ns = '';
         }
 
         $result = $profile->update($original);

actions/apiconversation.php

@@ -49,16 +49,9 @@ class ApiconversationAction extends ApiAuthAction
     protected $conversation = null;
     protected $notices      = null;
 
-    /**
+    protected function prepare(array $args=array())
-     * For initializing members of the class.
-     *
-     * @param array $argarray misc. arguments
-     *
-     * @return boolean true
-     */
-    function prepare($argarray)
     {
-        parent::prepare($argarray);
+        parent::prepare($args);
 
         $convId = $this->trimmed('id');
 

actions/apifriendshipscreate.php

@@ -29,9 +29,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Allows the authenticating users to follow (subscribe) the user specified in
@@ -90,7 +88,7 @@ class ApiFriendshipsCreateAction extends ApiAuthAction
             $this->clientError(_('Could not follow user: profile not found.'), 403);
         }
 
-        if ($this->user->isSubscribed($this->other)) {
+        if ($this->scoped->isSubscribed($this->other)) {
             $errmsg = sprintf(
                 // TRANS: Client error displayed when trying to follow a user that's already being followed.
                 // TRANS: %s is the nickname of the user that is already being followed.
@@ -101,9 +99,9 @@ class ApiFriendshipsCreateAction extends ApiAuthAction
         }
 
         try {
-            Subscription::start($this->user->getProfile(), $this->other);
+            Subscription::start($this->scoped, $this->other);
-        } catch (Exception $e) {
+        } catch (AlreadyFulfilledException $e) {
-            $this->clientError($e->getMessage(), 403);
+            $this->clientError($e->getMessage(), 409);
         }
 
         $this->initDocument($this->format);

actions/apifriendshipsdestroy.php

@@ -29,9 +29,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Allows the authenticating users to unfollow (unsubscribe) the user specified in
@@ -48,7 +46,9 @@ if (!defined('STATUSNET')) {
  */
 class ApiFriendshipsDestroyAction extends ApiAuthAction
 {
-    var $other  = null;
+    protected $needPost = true;
+
+    protected $other = null;
 
     /**
      * Take arguments for running
@@ -58,11 +58,10 @@ class ApiFriendshipsDestroyAction extends ApiAuthAction
      * @return boolean success flag
      *
      */
-    function prepare($args)
+    protected function prepare(array $args=array())
     {
         parent::prepare($args);
 
-        $this->user   = $this->auth_user;
         $this->other = $this->getTargetProfile($this->arg('id'));
 
         return true;
@@ -73,58 +72,40 @@ class ApiFriendshipsDestroyAction extends ApiAuthAction
      *
      * Check the format and show the user info
      *
-     * @param array $args $_REQUEST data (unused)
-     *
      * @return void
      */
-    function handle($args)
+    protected function handle()
     {
-        parent::handle($args);
+        parent::handle();
-
-        if ($_SERVER['REQUEST_METHOD'] != 'POST') {
-            $this->clientError(
-                // TRANS: Client error. POST is a HTTP command. It should not be translated.
-                _('This method requires a POST.'),
-                400,
-                $this->format
-            );
-            return;
-        }
 
         if (!in_array($this->format, array('xml', 'json'))) {
             $this->clientError(
                 // TRANS: Client error displayed when coming across a non-supported API method.
                 _('API method not found.'),
-                404,
+                404
-                $this->format
             );
-            return;
         }
 
-        if (empty($this->other)) {
+        if (!$this->other instanceof Profile) {
             $this->clientError(
                 // TRANS: Client error displayed when trying to unfollow a user that cannot be found.
                 _('Could not unfollow user: User not found.'),
-                403,
+                403
-                $this->format
             );
-            return;
         }
 
         // Don't allow unsubscribing from yourself!
 
-        if ($this->user->id == $this->other->id) {
+        if ($this->scoped->id == $this->other->id) {
             $this->clientError(
                 // TRANS: Client error displayed when trying to unfollow self.
                 _("You cannot unfollow yourself."),
-                403,
+                403
-                $this->format
             );
-            return;
         }
 
         // throws an exception on error
-        Subscription::cancel($this->user->getProfile(), $this->other);
+        Subscription::cancel($this->scoped, $this->other);
 
         $this->initDocument($this->format);
         $this->showProfile($this->other, $this->format);

actions/apifriendshipsexists.php

@@ -29,9 +29,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Tests for the existence of friendship between two users. Will return true if
@@ -57,7 +55,7 @@ class ApiFriendshipsExistsAction extends ApiPrivateAuthAction
      *
      * @return boolean success flag
      */
-    function prepare($args)
+    protected function prepare(array $args=array())
     {
         parent::prepare($args);
 
@@ -72,22 +70,18 @@ class ApiFriendshipsExistsAction extends ApiPrivateAuthAction
      *
      * Check the format and show the user info
      *
-     * @param array $args $_REQUEST data (unused)
-     *
      * @return void
      */
-    function handle($args)
+    protected function handle()
     {
-        parent::handle($args);
+        parent::handle();
 
         if (empty($this->profile_a) || empty($this->profile_b)) {
             $this->clientError(
                 // TRANS: Client error displayed when supplying invalid parameters to an API call checking if a friendship exists.
                 _('Two valid IDs or nick names must be supplied.'),
-                400,
+                400
-                $this->format
             );
-            return;
         }
 
         $result = Subscription::exists($this->profile_a, $this->profile_b);

actions/apifriendshipsshow.php

@@ -29,9 +29,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Outputs detailed information about the relationship between two users
@@ -56,7 +54,7 @@ class ApiFriendshipsShowAction extends ApiBareAuthAction
      *
      * @return boolean success flag
      */
-    function prepare($args)
+    protected function prepare(array $args=array())
     {
         parent::prepare($args);
 
@@ -109,13 +107,11 @@ class ApiFriendshipsShowAction extends ApiBareAuthAction
      *
      * Check the format and show the user info
      *
-     * @param array $args $_REQUEST data (unused)
-     *
      * @return void
      */
-    function handle($args)
+    protected function handle()
     {
-        parent::handle($args);
+        parent::handle();
 
         if (!in_array($this->format, array('xml', 'json'))) {
             // TRANS: Client error displayed when coming across a non-supported API method.

actions/apilistmemberships.php

@@ -115,11 +115,10 @@ class ApiListMembershipsAction extends ApiBareAuthAction
 
     function getLists()
     {
-        $profile = $this->target;
+        $fn = array($this->target, 'getOtherTags');
-        $fn = array($profile, 'getOtherTags');
 
         # 20 lists
         list($this->lists, $this->next_cursor, $this->prev_cursor) =
-                Profile_list::getAtCursor($fn, array($this->auth_user), $this->cursor, 20);
+                Profile_list::getAtCursor($fn, array($this->scoped), $this->cursor, 20);
     }
 }

actions/apilists.php

@@ -185,7 +185,7 @@ class ApiListsAction extends ApiBareAuthAction
 
         list($this->lists,
              $this->next_cursor,
-             $this->prev_cursor) = Profile_list::getAtCursor($fn, array($this->auth_user), $cursor, $count);
+             $this->prev_cursor) = Profile_list::getAtCursor($fn, array($this->scoped), $cursor, $count);
     }
 
     function isReadOnly($args)

actions/apimediaupload.php

@@ -30,7 +30,7 @@ if (!defined('GNUSOCIAL')) { exit(1); }
 
 /**
  * Upload an image via the API.  Returns a shortened URL for the image
- * to the user.
+ * to the user. Apparently modelled after a former Twitpic API.
  *
  * @category API
  * @package  StatusNet
@@ -42,17 +42,20 @@ class ApiMediaUploadAction extends ApiAuthAction
 {
     protected $needPost = true;
 
-    /**
+    protected function prepare(array $args=array())
-     * Handle the request
+    {
-     *
+        parent::prepare($args);
-     * Grab the file from the 'media' param, then store, and shorten
+
-     *
+        // fallback to xml for older clients etc
-     * @todo Upload throttle!
+        if (empty($this->format)) {
-     *
+            $this->format = 'xml';
-     * @param array $args $_REQUEST data (unused)
+        }
-     *
+        if (!in_array($this->format, ['json', 'xml'])) {
-     * @return void
+            throw new ClientException('This API call does not support the format '._ve($this->format));
-     */
+        }
+        return true;
+    }
+
     protected function handle()
     {
         parent::handle();
@@ -69,14 +72,31 @@ class ApiMediaUploadAction extends ApiAuthAction
             $msg = _m('The server was unable to handle that much POST data (%s byte) due to its current configuration.',
                       'The server was unable to handle that much POST data (%s bytes) due to its current configuration.',
                       intval($_SERVER['CONTENT_LENGTH']));
-            $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
+            throw new ClientException(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
         }
 
-        // we could catch "NoUploadedMediaException" as "no media uploaded", but here we _always_ want an upload
+        try {
             $upload = MediaFile::fromUpload('media', $this->scoped);
+        } catch (NoUploadedMediaException $e) {
+            common_debug('No media file was uploaded to the _FILES array');
+            $fh = tmpfile();
+            if ($this->arg('media')) {
+                common_debug('Found media parameter which we hope contains a media file!');
+                fwrite($fh, $this->arg('media'));
+            } elseif ($this->arg('media_data')) {
+                common_debug('Found media_data parameter which we hope contains a base64-encoded media file!');
+                fwrite($fh, base64_decode($this->arg('media_data')));
+            } else {
+                common_debug('No media|media_data POST parameter was supplied');
+                fclose($fh);
+                throw $e;
+            }
+            common_debug('MediaFile importing the uploaded file with fromFilehandle');
+            $upload = MediaFile::fromFilehandle($fh, $this->scoped);
+        }
         
+        common_debug('MediaFile completed and saved us fileRecord with id=='._ve($upload->fileRecord->id));
         // Thumbnails will be generated/cached on demand when accessed (such as with /attachment/:id/thumbnail)
-
         $this->showResponse($upload);
     }
 
@@ -88,14 +108,61 @@ class ApiMediaUploadAction extends ApiAuthAction
      *
      * @return void
      */
-    function showResponse(MediaFile $upload)
+    protected function showResponse(MediaFile $upload)
     {
-        $this->initDocument();
+        $this->initDocument($this->format);
-        $this->elementStart('rsp', array('stat' => 'ok'));
+        switch ($this->format) {
+        case 'json':
+            return $this->showResponseJson($upload);
+        case 'xml':
+            return $this->showResponseXml($upload);
+        default:
+            throw new ClientException('This API call does not support the format '._ve($this->format));
+        }
+        $this->endDocument($this->format);
+    }
+
+    protected function showResponseJson(MediaFile $upload)
+    {
+        $enc = $upload->fileRecord->getEnclosure();
+
+        // note that we use media_id instead of mediaid which XML users might've gotten used to (nowadays we service media_id in both!)
+        $output = [
+                'media_id' => $upload->fileRecord->id,
+                'media_id_string' => (string)$upload->fileRecord->id,
+                'media_url' => $upload->shortUrl(),
+                'size' => $upload->fileRecord->size,
+                ];
+        if (common_get_mime_media($enc->mimetype) === 'image') {
+            $output['image'] = [
+                                'w' => $enc->width,
+                                'h' => $enc->height,
+                                'image_type' => $enc->mimetype,
+                                ];
+        }
+        print json_encode($output);
+    }
+
+    protected function showResponseXml(MediaFile $upload)
+    {
+        $this->elementStart('rsp', array('stat' => 'ok', 'xmlns:atom'=>Activity::ATOM));
         $this->element('mediaid', null, $upload->fileRecord->id);
         $this->element('mediaurl', null, $upload->shortUrl());
+        $this->element('media_url', null, $upload->shortUrl());
+        $this->element('size', null, $upload->fileRecord->size);
+
+        $enclosure = $upload->fileRecord->getEnclosure();
+        $this->element('atom:link', array('rel'  => 'enclosure',
+                                          'href' => $enclosure->url,
+                                          'type' => $enclosure->mimetype));
+
+        // Twitter specific metadata expected in response since Twitter's Media upload API v1.1 (even though Twitter doesn't use XML)
+        $this->element('media_id', null, $upload->fileRecord->id);
+        $this->element('media_id_string', null, (string)$upload->fileRecord->id);
+        if (common_get_mime_media($enclosure->mimetype) === 'image') {
+            $this->element('image', ['w'=>$enclosure->width, 'h'=>$enclosure->height, 'image_type'=>$enclosure->mimetype]);
+        }
         $this->elementEnd('rsp');
-        $this->endDocument();
     }
 
     /**
@@ -103,9 +170,16 @@ class ApiMediaUploadAction extends ApiAuthAction
      *
      * @param String $msg an error message
      */
-    function clientError($msg)
+    function clientError($msg, $code=400, $format=null)
     {
-        $this->initDocument();
+        $this->initDocument($this->format);
+        switch ($this->format) {
+        case 'json':
+            $error = ['errors' => array()];
+            $error['errors'][] = ['message'=>$msg, 'code'=>131];
+            print json_encode($error);
+            break;
+        case 'xml':
             $this->elementStart('rsp', array('stat' => 'fail'));
 
             // @todo add in error code
@@ -113,6 +187,9 @@ class ApiMediaUploadAction extends ApiAuthAction
 
             $this->element('err', $errAttr, null);
             $this->elementEnd('rsp');
-        $this->endDocument();
+            break;
+        }
+        $this->endDocument($this->format);
+        exit;
     }
 }

actions/apisearchatom.php

@@ -327,7 +327,7 @@ class ApiSearchAtomAction extends ApiPrivateAuthAction
                                      'rel'  => 'alternate',
                                      'href' => $nurl));
         $this->element('title', null, common_xml_safe_str(trim($notice->content)));
-        $this->element('content', array('type' => 'html'), $notice->rendered);
+        $this->element('content', array('type' => 'html'), $notice->getRendered());
         $this->element('updated', null, common_date_w3dtf($notice->created));
         $this->element('link', array('type' => 'image/png',
                                      // XXX: Twitter uses rel="image" (not valid)

actions/apistatusesdestroy.php

@@ -124,7 +124,7 @@ class ApiStatusesDestroyAction extends ApiAuthAction
 
         if ($this->user->id == $this->notice->profile_id) {
             if (Event::handle('StartDeleteOwnNotice', array($this->user, $this->notice))) {
-                $this->notice->delete();
+                $this->notice->deleteAs($this->scoped);
                 Event::handle('EndDeleteOwnNotice', array($this->user, $this->notice));
             }
 	        $this->showNotice();

actions/apistatusesshow.php

@@ -74,16 +74,21 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
 
         $this->notice_id = (int)$this->trimmed('id');
 
-        $this->notice = Notice::getKV('id', $this->notice_id);
+        $this->notice = null;
-        if (!$this->notice instanceof Notice) {
+        try {
-            $deleted = Deleted_notice::getKV('id', $this->notice_id);
+            $this->notice = Notice::getByID($this->notice_id);
-            if ($deleted instanceof Deleted_notice) {
+        } catch (NoResultException $e) {
+            // No such notice was found, maybe it was deleted?
+            $deleted = null;
+            Event::handle('IsNoticeDeleted', array($this->notice_id, &$deleted));
+            if ($deleted === true) {
                 // TRANS: Client error displayed trying to show a deleted notice.
-                $this->clientError(_('Notice deleted.'), 410);
+                throw new ClientException(_('Notice deleted.'), 410);
             }
             // TRANS: Client error displayed trying to show a non-existing notice.
-            $this->clientError(_('No such notice.'), 404);
+            throw new ClientException(_('No such notice.'), 404);
         }
+
         if (!$this->notice->inScope($this->scoped)) {
             // TRANS: Client exception thrown when trying a view a notice the user has no access to.
             throw new ClientException(_('Access restricted.'), 403);
@@ -128,7 +133,6 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
      */
     function showNotice()
     {
-        if (!empty($this->notice)) {
         switch ($this->format) {
         case 'xml':
             $this->showSingleXmlStatus($this->notice);
@@ -144,28 +148,6 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
             // TRANS: %s is the requested output format.
             throw new Exception(sprintf(_("Unsupported format: %s."), $this->format));
         }
-        } else {
-            // XXX: Twitter just sets a 404 header and doens't bother
-            // to return an err msg
-
-            $deleted = Deleted_notice::getKV($this->notice_id);
-
-            if (!empty($deleted)) {
-                $this->clientError(
-                    // TRANS: Client error displayed requesting a deleted status.
-                    _('Status deleted.'),
-                    410,
-                    $this->format
-                );
-            } else {
-                $this->clientError(
-                    // TRANS: Client error displayed requesting a status with an invalid ID.
-                    _('No status with that ID found.'),
-                    404,
-                    $this->format
-                );
-            }
-        }
     }
 
     /**
@@ -188,13 +170,9 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
      */
     function lastModified()
     {
-        if (!empty($this->notice)) {
         return strtotime($this->notice->created);
     }
 
-        return null;
-    }
-
     /**
      * An entity tag for this notice
      *
@@ -205,8 +183,6 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
      */
     function etag()
     {
-        if (!empty($this->notice)) {
-
         return '"' . implode(
             ':',
             array($this->arg('action'),
@@ -218,9 +194,6 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
         . '"';
     }
 
-        return null;
-    }
-
     function deleteNotice()
     {
         if ($this->format != 'atom') {
@@ -236,7 +209,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
         }
 
         if (Event::handle('StartDeleteOwnNotice', array($this->auth_user, $this->notice))) {
-            $this->notice->delete();
+            $this->notice->deleteAs($this->scoped);
             Event::handle('EndDeleteOwnNotice', array($this->auth_user, $this->notice));
         }
 

actions/apistatusesupdate.php

@@ -152,6 +152,7 @@ class ApiStatusesUpdateAction extends ApiAuthAction
     var $in_reply_to_status_id = null;
     var $lat                   = null;
     var $lon                   = null;
+    var $media_ids             = array();   // file_id in the keys
 
     /**
      * Take arguments for running
@@ -167,6 +168,19 @@ class ApiStatusesUpdateAction extends ApiAuthAction
         $this->status = $this->trimmed('status');
         $this->lat    = $this->trimmed('lat');
         $this->lon    = $this->trimmed('long');
+        $matches = array();
+        common_debug(get_called_class().': media_ids=='._ve($this->trimmed('media_ids')));
+        if (preg_match_all('/\d+/', $this->trimmed('media_ids'), $matches) !== false) {
+            foreach (array_unique($matches[0]) as $match) {
+                try {
+                    $this->media_ids[$match] = File::getByID($match);
+                } catch (EmptyIdException $e) {
+                    // got a zero from the client, at least Twidere does this on occasion
+                } catch (NoResultException $e) {
+                    // File ID was not found. Do we abort and report to the client?
+                }
+            }
+        }
 
         $this->in_reply_to_status_id
             = intval($this->trimmed('in_reply_to_status_id'));
@@ -211,7 +225,7 @@ class ApiStatusesUpdateAction extends ApiAuthAction
             $this->clientError(_('No such user.'), 404);
         }
 
-        /* Do not call shortenlinks until the whole notice has been build */
+        /* Do not call shortenLinks until the whole notice has been build */
 
         // Check for commands
 
@@ -244,17 +258,24 @@ class ApiStatusesUpdateAction extends ApiAuthAction
                 }
             }
 
+            foreach(array_keys($this->media_ids) as $media_id) {
+                // FIXME: Validation on this... Worst case is that if someone sends bad media_ids then
+                // we'll fill the notice with non-working links, so no real harm, done, but let's fix.
+                // The File objects are in the array, so we could get URLs from them directly.
+                $this->status .= ' ' . common_local_url('attachment', array('attachment' => $media_id));
+            }
+
             $upload = null;
             try {
                 $upload = MediaFile::fromUpload('media', $this->scoped);
                 $this->status .= ' ' . $upload->shortUrl();
-                /* Do not call shortenlinks until the whole notice has been build */
+                /* Do not call shortenLinks until the whole notice has been build */
             } catch (NoUploadedMediaException $e) {
                 // There was no uploaded media for us today.
             }
 
             /* Do call shortenlinks here & check notice length since notice is about to be saved & sent */
-            $status_shortened = $this->auth_user->shortenlinks($this->status);
+            $status_shortened = $this->auth_user->shortenLinks($this->status);
 
             if (Notice::contentTooLong($status_shortened)) {
                 if ($upload instanceof MediaFile) {

actions/apitimelinetag.php

@@ -51,19 +51,10 @@ class ApiTimelineTagAction extends ApiPrivateAuthAction
 {
     var $notices = null;
 
-    /**
+    protected function prepare(array $args=array())
-     * Take arguments for running
-     *
-     * @param array $args $_REQUEST args
-     *
-     * @return boolean success flag
-     */
-    function prepare($args)
     {
         parent::prepare($args);
 
-        common_debug("apitimelinetag prepare()");
-
         $this->tag     = $this->arg('tag');
         $this->notices = $this->getNotices();
 
@@ -79,9 +70,9 @@ class ApiTimelineTagAction extends ApiPrivateAuthAction
      *
      * @return void
      */
-    function handle($args)
+    protected function handle()
     {
-        parent::handle($args);
+        parent::handle();
         $this->showTimeline();
     }
 
@@ -172,21 +163,12 @@ class ApiTimelineTagAction extends ApiPrivateAuthAction
      */
     function getNotices()
     {
-        $notices = array();
+        $notice = Notice_tag::getStream($this->tag)->getNotices(($this->page - 1) * $this->count,
-
-        $notice = Notice_tag::getStream(
-            $this->tag,
-            ($this->page - 1) * $this->count,
                                                                  $this->count + 1,
                                                                  $this->since_id,
-            $this->max_id
+                                                                 $this->max_id);
-        );
 
-        while ($notice->fetch()) {
+        return $notice->fetchAll();
-            $notices[] = clone($notice);
-        }
-
-        return $notices;
     }
 
     /**

actions/apitimelineuser.php

@@ -34,9 +34,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Returns the most recent notices (default 20) posted by the authenticating
@@ -79,6 +77,10 @@ class ApiTimelineUserAction extends ApiBareAuthAction
             $this->clientError(_('No such user.'), 404);
         }
 
+        if (!$this->target->isLocal()) {
+            $this->serverError(_('Remote user timelines are not available here yet.'), 501);
+        }
+
         $this->notices = $this->getNotices();
 
         return true;
@@ -111,11 +113,11 @@ class ApiTimelineUserAction extends ApiBareAuthAction
     {
         // We'll use the shared params from the Atom stub
         // for other feed types.
-        $atom = new AtomUserNoticeFeed($this->target->getUser(), $this->auth_user);
+        $atom = new AtomUserNoticeFeed($this->target->getUser(), $this->scoped);
 
         $link = common_local_url(
                                  'showstream',
-                                 array('nickname' => $this->target->nickname)
+                                 array('nickname' => $this->target->getNickname())
                                  );
 
         $self = $this->getSelfUri();
@@ -123,7 +125,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
         // FriendFeed's SUP protocol
         // Also added RSS and Atom feeds
 
-        $suplink = common_local_url('sup', null, null, $this->target->id);
+        $suplink = common_local_url('sup', null, null, $this->target->getID());
         header('X-SUP-ID: ' . $suplink);
 
 
@@ -131,7 +133,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
         $nextUrl = !empty($this->next_id)
                     ? common_local_url('ApiTimelineUser',
                                     array('format' => $this->format,
-                                          'id' => $this->target->id),
+                                          'id' => $this->target->getID()),
                                     array('max_id' => $this->next_id))
                     : null;
 
@@ -143,11 +145,11 @@ class ApiTimelineUserAction extends ApiBareAuthAction
 
         $prevUrl = common_local_url('ApiTimelineUser',
                                     array('format' => $this->format,
-                                          'id' => $this->target->id),
+                                          'id' => $this->target->getID()),
                                     $prevExtra);
         $firstUrl = common_local_url('ApiTimelineUser',
                                     array('format' => $this->format,
-                                          'id' => $this->target->id));
+                                          'id' => $this->target->getID()));
 
         switch($this->format) {
         case 'xml':
@@ -202,7 +204,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
             break;
         case 'as':
             header('Content-Type: ' . ActivityStreamJSONDocument::CONTENT_TYPE);
-            $doc = new ActivityStreamJSONDocument($this->auth_user);
+            $doc = new ActivityStreamJSONDocument($this->scoped);
             $doc->setTitle($atom->title);
             $doc->addLink($link, 'alternate', 'text/html');
             $doc->addItemsFromNotices($this->notices);
@@ -303,9 +305,9 @@ class ApiTimelineUserAction extends ApiBareAuthAction
             return '"' . implode(
                                  ':',
                                  array($this->arg('action'),
-                                       common_user_cache_hash($this->auth_user),
+                                       common_user_cache_hash($this->scoped),
                                        common_language(),
-                                       $this->target->id,
+                                       $this->target->getID(),
                                        strtotime($this->notices[0]->created),
                                        strtotime($this->notices[$last]->created))
                                  )
@@ -317,10 +319,10 @@ class ApiTimelineUserAction extends ApiBareAuthAction
 
     function handlePost()
     {
-        if (empty($this->auth_user) ||
+        if (!$this->scoped instanceof Profile ||
-            $this->auth_user->id != $this->target->id) {
+                !$this->target->sameAs($this->scoped)) {
             // TRANS: Client error displayed trying to add a notice to another user's timeline.
-            $this->clientError(_('Only the user can add to their own timeline.'));
+            $this->clientError(_('Only the user can add to their own timeline.'), 403);
         }
 
         // Only handle posts for Atom
@@ -352,165 +354,28 @@ class ApiTimelineUserAction extends ApiBareAuthAction
 
         $activity = new Activity($dom->documentElement);
 
-        $saved = null;
+        common_debug('AtomPub: Ignoring right now, but this POST was made to collection: '.$activity->id);
 
-        if (Event::handle('StartAtomPubNewActivity', array(&$activity, $this->target->getUser(), &$saved))) {
+        // Reset activity data so we can handle it in the same functions as with OStatus
-            if ($activity->verb != ActivityVerb::POST) {
+        // because we don't let clients set their own UUIDs... Not sure what AtomPub thinks
+        // about that though.
+        $activity->id = null;
+        $activity->actor = null;    // not used anyway, we use $this->target
+        $activity->objects[0]->id = null;
+
+        $stored = null;
+        if (Event::handle('StartAtomPubNewActivity', array($activity, $this->target, &$stored))) {
             // TRANS: Client error displayed when not using the POST verb. Do not translate POST.
-                $this->clientError(_('Can only handle POST activities.'));
+            throw new ClientException(_('Could not handle this Atom Activity.'));
         }
-
+        if (!$stored instanceof Notice) {
-            $note = $activity->objects[0];
+            throw new ServerException('Server did not create a Notice object from handled AtomPub activity.');
-
-            if (!in_array($note->type, array(ActivityObject::NOTE,
-                                             ActivityObject::BLOGENTRY,
-                                             ActivityObject::STATUS))) {
-                // TRANS: Client error displayed when using an unsupported activity object type.
-                // TRANS: %s is the unsupported activity object type.
-                $this->clientError(sprintf(_('Cannot handle activity object type "%s".'),
-                                             $note->type));
         }
+        Event::handle('EndAtomPubNewActivity', array($activity, $this->target, $stored));
 
-            $saved = $this->postNote($activity);
-
-            Event::handle('EndAtomPubNewActivity', array($activity, $this->target->getUser(), $saved));
-        }
-
-        if (!empty($saved)) {
         header('HTTP/1.1 201 Created');
-            header("Location: " . common_local_url('ApiStatusesShow', array('id' => $saved->id,
+        header("Location: " . common_local_url('ApiStatusesShow', array('id' => $stored->getID(),
                                                                         'format' => 'atom')));
-            $this->showSingleAtomStatus($saved);
+        $this->showSingleAtomStatus($stored);
-        }
-    }
-
-    function postNote($activity)
-    {
-        $note = $activity->objects[0];
-
-        // Use summary as fallback for content
-
-        if (!empty($note->content)) {
-            $sourceContent = $note->content;
-        } else if (!empty($note->summary)) {
-            $sourceContent = $note->summary;
-        } else if (!empty($note->title)) {
-            $sourceContent = $note->title;
-        } else {
-            // @fixme fetch from $sourceUrl?
-            // TRANS: Client error displayed when posting a notice without content through the API.
-            // TRANS: %d is the notice ID (number).
-            $this->clientError(sprintf(_('No content for notice %d.'), $note->id));
-        }
-
-        // Get (safe!) HTML and text versions of the content
-
-        $rendered = $this->purify($sourceContent);
-        $content = common_strip_html($rendered);
-
-        $shortened = $this->auth_user->shortenLinks($content);
-
-        $options = array('is_local' => Notice::LOCAL_PUBLIC,
-                         'rendered' => $rendered,
-                         'replies' => array(),
-                         'groups' => array(),
-                         'tags' => array(),
-                         'urls' => array());
-
-        // accept remote URI (not necessarily a good idea)
-
-        common_debug("Note ID is {$note->id}");
-
-        if (!empty($note->id)) {
-            $notice = Notice::getKV('uri', trim($note->id));
-
-            if (!empty($notice)) {
-                // TRANS: Client error displayed when using another format than AtomPub.
-                // TRANS: %s is the notice URI.
-                $this->clientError(sprintf(_('Notice with URI "%s" already exists.'), $note->id));
-            }
-            common_log(LOG_NOTICE, "Saving client-supplied notice URI '$note->id'");
-            $options['uri'] = $note->id;
-        }
-
-        // accept remote create time (also maybe not such a good idea)
-
-        if (!empty($activity->time)) {
-            common_log(LOG_NOTICE, "Saving client-supplied create time {$activity->time}");
-            $options['created'] = common_sql_date($activity->time);
-        }
-
-        // Check for optional attributes...
-
-        if ($activity->context instanceof ActivityContext) {
-
-            foreach ($activity->context->attention as $uri=>$type) {
-                try {
-                    $profile = Profile::fromUri($uri);
-                    if ($profile->isGroup()) {
-                        $options['groups'][] = $profile->id;
-                    } else {
-                        $options['replies'][] = $uri;
-                    }
-                } catch (UnknownUriException $e) {
-                    common_log(LOG_WARNING, sprintf('AtomPub post with unknown attention URI %s', $uri));
-                }
-            }
-
-            // Maintain direct reply associations
-            // @fixme what about conversation ID?
-
-            if (!empty($activity->context->replyToID)) {
-                $orig = Notice::getKV('uri',
-                                          $activity->context->replyToID);
-                if (!empty($orig)) {
-                    $options['reply_to'] = $orig->id;
-                }
-            }
-
-            $location = $activity->context->location;
-
-            if ($location) {
-                $options['lat'] = $location->lat;
-                $options['lon'] = $location->lon;
-                if ($location->location_id) {
-                    $options['location_ns'] = $location->location_ns;
-                    $options['location_id'] = $location->location_id;
-                }
-            }
-        }
-
-        // Atom categories <-> hashtags
-
-        foreach ($activity->categories as $cat) {
-            if ($cat->term) {
-                $term = common_canonical_tag($cat->term);
-                if ($term) {
-                    $options['tags'][] = $term;
-                }
-            }
-        }
-
-        // Atom enclosures -> attachment URLs
-        foreach ($activity->enclosures as $href) {
-            // @fixme save these locally or....?
-            $options['urls'][] = $href;
-        }
-
-        $saved = Notice::saveNew($this->target->id,
-                                 $content,
-                                 'atompub', // TODO: deal with this
-                                 $options);
-
-        return $saved;
-    }
-
-    function purify($content)
-    {
-        require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
-
-        $config = array('safe' => 1,
-                        'deny_attribute' => 'id,style,on*');
-        return htmLawed($content, $config);
     }
 }

actions/atompubsubscriptionfeed.php

@@ -230,18 +230,11 @@ class AtompubsubscriptionfeedAction extends AtompubAction
                 $this->clientError(sprintf(_('Unknown profile %s.'), $person->id));
             }
 
-            if (Subscription::exists($this->_profile, $profile)) {
+            try {
+                $sub = Subscription::start($this->_profile, $profile);
+            } catch (AlreadyFulfilledException $e) {
                 // 409 Conflict
-                // TRANS: Client error displayed trying to subscribe to an already subscribed profile.
+                $this->clientError($e->getMessage(), 409);
-                // TRANS: %s is the profile the user already has a subscription on.
-                $this->clientError(sprintf(_('Already subscribed to %s.'),
-                                           $person->id),
-                                   409);
-            }
-
-            if (Subscription::start($this->_profile, $profile)) {
-                $sub = Subscription::pkeyGet(array('subscriber' => $this->_profile->id,
-                                                   'subscribed' => $profile->id));
             }
 
             Event::handle('EndAtomPubNewActivity', array($activity, $sub));

actions/attachment_thumbnail.php

@@ -59,9 +59,9 @@ class Attachment_thumbnailAction extends AttachmentAction
         try {
             $thumbnail = $this->attachment->getThumbnail($this->thumb_w, $this->thumb_h, $this->thumb_c);
         } catch (UseFileAsThumbnailException $e) {
-            common_redirect($e->file->getUrl());
+            common_redirect($e->file->getUrl(), 302);
         }
 
-        common_redirect($thumbnail->getUrl());
+        common_redirect(File_thumbnail::url($thumbnail->filename), 302);
     }
 }

actions/avatarsettings.php

@@ -28,13 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-
-
-define('MAX_ORIGINAL', 480);
 
 /**
  * Upload an avatar
@@ -82,11 +76,11 @@ class AvatarsettingsAction extends SettingsAction
     /**
      * Content area of the page
      *
-     * Shows a form for uploading an avatar.
+     * Shows a form for uploading an avatar. Currently overrides FormAction's showContent
+     * since we haven't made classes out of AvatarCropForm and AvatarUploadForm.
      *
      * @return void
      */
-
     function showContent()
     {
         if ($this->mode == 'crop') {
@@ -249,51 +243,18 @@ class AvatarsettingsAction extends SettingsAction
         $this->elementEnd('form');
     }
 
-    /**
+    protected function doPost()
-     * Handle a post
-     *
-     * We mux on the button name to figure out what the user actually wanted.
-     *
-     * @return void
-     */
-    function handlePost()
     {
-        // Workaround for PHP returning empty $_POST and $_FILES when POST
-        // length > post_max_size in php.ini
-
-        if (empty($_FILES)
-            && empty($_POST)
-            && ($_SERVER['CONTENT_LENGTH'] > 0)
-        ) {
-            // TRANS: Client error displayed when the number of bytes in a POST request exceeds a limit.
-            // TRANS: %s is the number of bytes of the CONTENT_LENGTH.
-            $msg = _m('The server was unable to handle that much POST data (%s byte) due to its current configuration.',
-                      'The server was unable to handle that much POST data (%s bytes) due to its current configuration.',
-                      intval($_SERVER['CONTENT_LENGTH']));
-            $this->showForm(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
-            return;
-        }
-
-        // CSRF protection
-
-        $token = $this->trimmed('token');
-        if (!$token || $token != common_session_token()) {
-            // TRANS: Client error displayed when the session token does not match or is not given.
-            $this->showForm(_('There was a problem with your session token. '.
-                               'Try again, please.'));
-            return;
-        }
-
         if (Event::handle('StartAvatarSaveForm', array($this))) {
-            if ($this->arg('upload')) {
+            if ($this->trimmed('upload')) {
-                $this->uploadAvatar();
+                return $this->uploadAvatar();
-                } else if ($this->arg('crop')) {
+            } else if ($this->trimmed('crop')) {
-                    $this->cropAvatar();
+                return $this->cropAvatar();
-                } else if ($this->arg('delete')) {
+            } else if ($this->trimmed('delete')) {
-                    $this->deleteAvatar();
+                return $this->deleteAvatar();
             } else {
                 // TRANS: Unexpected validation error on avatar upload form.
-                    $this->showForm(_('Unexpected form submission.'));
+                throw new ClientException(_('Unexpected form submission.'));
             }
             Event::handle('EndAvatarSaveForm', array($this));
         }
@@ -309,21 +270,12 @@ class AvatarsettingsAction extends SettingsAction
      */
     function uploadAvatar()
     {
-        try {
+        // ImageFile throws exception if something goes wrong, which we'll
+        // pick up and show as an error message above the form.
         $imagefile = ImageFile::fromUpload('avatarfile');
-        } catch (Exception $e) {
-            $this->showForm($e->getMessage());
-            return;
-        }
-        if ($imagefile === null) {
-            // TRANS: Validation error on avatar upload form when no file was uploaded.
-            $this->showForm(_('No file uploaded.'));
-            return;
-        }
 
-        $cur = common_current_user();
         $type = $imagefile->preferredType();
-        $filename = Avatar::filename($cur->id,
+        $filename = Avatar::filename($this->scoped->getID(),
                                      image_type_to_extension($type),
                                      null,
                                      'tmp'.common_timestamp());
@@ -344,8 +296,7 @@ class AvatarsettingsAction extends SettingsAction
         $this->mode = 'crop';
 
         // TRANS: Avatar upload form instruction after uploading a file.
-        $this->showForm(_('Pick a square area of the image to be your avatar.'),
+        return _('Pick a square area of the image to be your avatar.');
-                        true);
     }
 
     /**
@@ -357,36 +308,46 @@ class AvatarsettingsAction extends SettingsAction
     {
         $filedata = $_SESSION['FILEDATA'];
 
-        if (!$filedata) {
+        if (empty($filedata)) {
             // TRANS: Server error displayed if an avatar upload went wrong somehow server side.
-            $this->serverError(_('Lost our file data.'));
+            throw new ServerException(_('Lost our file data.'));
         }
 
-        $file_d = ($filedata['width'] > $filedata['height'])
+        $file_d = min($filedata['width'],  $filedata['height']);
-                     ? $filedata['height'] : $filedata['width'];
 
         $dest_x = $this->arg('avatar_crop_x') ? $this->arg('avatar_crop_x'):0;
         $dest_y = $this->arg('avatar_crop_y') ? $this->arg('avatar_crop_y'):0;
         $dest_w = $this->arg('avatar_crop_w') ? $this->arg('avatar_crop_w'):$file_d;
         $dest_h = $this->arg('avatar_crop_h') ? $this->arg('avatar_crop_h'):$file_d;
-        $size = intval(min($dest_w, $dest_h, MAX_ORIGINAL));
+        $size = intval(min($dest_w, $dest_h, common_config('avatar', 'maxsize')));
 
-        $user = common_current_user();
+        $box = array('width' => $size, 'height' => $size,
-        $profile = $user->getProfile();
+                     'x' => $dest_x,   'y' => $dest_y,
+                     'w' => $dest_w,   'h' => $dest_h);
 
-        $imagefile = new ImageFile($user->id, $filedata['filepath']);
+        $imagefile = new ImageFile(null, $filedata['filepath']);
-        $filename = $imagefile->resize($size, $dest_x, $dest_y, $dest_w, $dest_h);
+        $filename = Avatar::filename($this->scoped->getID(), image_type_to_extension($imagefile->preferredType()),
+                                     $size, common_timestamp());
+        try {
+            $imagefile->resizeTo(Avatar::path($filename), $box);
+        } catch (UseFileAsThumbnailException $e) {
+            common_debug('Using uploaded avatar directly without resizing, copying it to: '.$filename);
+            if (!copy($filedata['filepath'], Avatar::path($filename))) {
+                common_debug('Tried to copy image file '.$filedata['filepath'].' to destination '.Avatar::path($filename));
+                throw new ServerException('Could not copy file to destination.');
+            }
+        }
 
-        if ($profile->setOriginal($filename)) {
+        if ($this->scoped->setOriginal($filename)) {
             @unlink($filedata['filepath']);
             unset($_SESSION['FILEDATA']);
             $this->mode = 'upload';
             // TRANS: Success message for having updated a user avatar.
-            $this->showForm(_('Avatar updated.'), true);
+            return _('Avatar updated.');
-        } else {
-            // TRANS: Error displayed on the avatar upload page if the avatar could not be updated for an unknown reason.
-            $this->showForm(_('Failed updating avatar.'));
         }
+
+        // TRANS: Error displayed on the avatar upload page if the avatar could not be updated for an unknown reason.
+        throw new ServerException(_('Failed updating avatar.'));
     }
 
     /**
@@ -396,13 +357,10 @@ class AvatarsettingsAction extends SettingsAction
      */
     function deleteAvatar()
     {
-        $user = common_current_user();
+        Avatar::deleteFromProfile($this->scoped);
-        $profile = $user->getProfile();
-
-        Avatar::deleteFromProfile($profile);
 
         // TRANS: Success message for deleting a user avatar.
-        $this->showForm(_('Avatar deleted.'), true);
+        return _('Avatar deleted.');
     }
 
     /**

actions/backupaccount.php

@@ -28,11 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    // This check helps protect against security problems;
-    // your code file can't be executed directly from the web.
-    exit(1);
-}
 
 /**
  * Download a backup of your own account to the browser
@@ -48,38 +44,19 @@ if (!defined('STATUSNET')) {
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
  * @link      http://status.net/
  */
-class BackupaccountAction extends Action
+class BackupaccountAction extends FormAction
 {
-    /**
+    protected $form = 'BackupAccount';
-     * Returns the title of the page
+
-     *
-     * @return string page title
-     */
     function title()
     {
         // TRANS: Title for backup account page.
         return _('Backup account');
     }
 
-    /**
+    protected function doPreparation()
-     * For initializing members of the class.
-     *
-     * @param array $argarray misc. arguments
-     *
-     * @return boolean true
-     */
-    function prepare($argarray)
     {
-        parent::prepare($argarray);
+        if (!$this->scoped->hasRight(Right::BACKUPACCOUNT)) {
-
-        $cur = common_current_user();
-
-        if (empty($cur)) {
-            // TRANS: Client exception thrown when trying to backup an account while not logged in.
-            throw new ClientException(_('Only logged-in users can backup their account.'), 403);
-        }
-
-        if (!$cur->hasRight(Right::BACKUPACCOUNT)) {
             // TRANS: Client exception thrown when trying to backup an account without having backup rights.
             throw new ClientException(_('You may not backup your account.'), 403);
         }
@@ -87,40 +64,11 @@ class BackupaccountAction extends Action
         return true;
     }
 
-    /**
+    protected function doPost()
-     * Handler method
-     *
-     * @param array $argarray is ignored since it's now passed in in prepare()
-     *
-     * @return void
-     */
-    function handle($argarray=null)
     {
-        parent::handle($argarray);
+        $stream = new UserActivityStream($this->scoped->getUser(), true, UserActivityStream::OUTPUT_RAW);
 
-        if ($this->isPost()) {
+        header('Content-Disposition: attachment; filename='.urlencode($this->scoped->getNickname()).'.atom');
-            $this->sendFeed();
-        } else {
-            $this->showPage();
-        }
-        return;
-    }
-
-    /**
-     * Send a feed of the user's activities to the browser
-     *
-     * Uses the UserActivityStream class; may take a long time!
-     *
-     * @return void
-     */
-
-    function sendFeed()
-    {
-        $cur = common_current_user();
-
-        $stream = new UserActivityStream($cur, true, UserActivityStream::OUTPUT_RAW);
-
-        header('Content-Disposition: attachment; filename='.$cur->nickname.'.atom');
         header('Content-Type: application/atom+xml; charset=utf-8');
 
         // @fixme atom feed logic is in getString...
@@ -128,39 +76,10 @@ class BackupaccountAction extends Action
         $this->raw($stream->getString());
     }
 
-    /**
+    public function isReadOnly($args) {
-     * Show a little form so that the person can request a backup.
-     *
-     * @return void
-     */
-
-    function showContent()
-    {
-        $form = new BackupAccountForm($this);
-        $form->show();
-    }
-
-    /**
-     * Return true if read only.
-     *
-     * MAY override
-     *
-     * @param array $args other arguments
-     *
-     * @return boolean is read only action?
-     */
-    function isReadOnly($args)
-    {
         return true;
     }
 
-    /**
-     * Return last modified, if applicable.
-     *
-     * MAY override
-     *
-     * @return string last modified http header
-     */
     function lastModified()
     {
         // For comparison with If-Last-Modified
@@ -168,89 +87,8 @@ class BackupaccountAction extends Action
         return null;
     }
 
-    /**
-     * Return etag, if applicable.
-     *
-     * MAY override
-     *
-     * @return string etag http header
-     */
     function etag()
     {
         return null;
     }
 }
-
-/**
- * A form for backing up the account.
- *
- * @category  Account
- * @package   StatusNet
- * @author    Evan Prodromou <evan@status.net>
- * @copyright 2010 StatusNet, Inc.
- * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
- * @link      http://status.net/
- */
-class BackupAccountForm extends Form
-{
-    /**
-     * Class of the form.
-     *
-     * @return string the form's class
-     */
-    function formClass()
-    {
-        return 'form_profile_backup';
-    }
-
-    /**
-     * URL the form posts to
-     *
-     * @return string the form's action URL
-     */
-    function action()
-    {
-        return common_local_url('backupaccount');
-    }
-
-    /**
-     * Output form data
-     *
-     * Really, just instructions for doing a backup.
-     *
-     * @return void
-     */
-    function formData()
-    {
-        $msg =
-            // TRANS: Information displayed on the backup account page.
-            _('You can backup your account data in '.
-              '<a href="http://activitystrea.ms/">Activity Streams</a> '.
-              'format. This is an experimental feature and provides an '.
-              'incomplete backup; private account '.
-              'information like email and IM addresses is not backed up. '.
-              'Additionally, uploaded files and direct messages are not '.
-              'backed up.');
-        $this->out->elementStart('p');
-        $this->out->raw($msg);
-        $this->out->elementEnd('p');
-    }
-
-    /**
-     * Buttons for the form
-     *
-     * In this case, a single submit button
-     *
-     * @return void
-     */
-    function formActions()
-    {
-        $this->out->submit('submit',
-                           // TRANS: Submit button to backup an account on the backup account page.
-                           _m('BUTTON', 'Backup'),
-                           'submit',
-                           null,
-                           // TRANS: Title for submit button to backup an account on the backup account page.
-                           _('Backup your account.'));
-    }
-}

actions/cancelsubscription.php

@@ -43,23 +43,17 @@ class CancelsubscriptionAction extends FormAction
 {
     protected $needPost = true;
 
-    protected function prepare(array $args=array())
+    protected function doPreparation()
     {
-        parent::prepare($args);
-
         $profile_id = $this->int('unsubscribeto');
         $this->target = Profile::getKV('id', $profile_id);
         if (!$this->target instanceof Profile) {
             throw new NoProfileException($profile_id);
         }
-
-        return true;
     }
 
-    protected function handlePost()
+    protected function doPost()
     {
-        parent::handlePost();
-
         try {
             $request = Subscription_queue::pkeyGet(array('subscriber' => $this->scoped->id,
                                                          'subscribed' => $this->target->id));
@@ -70,7 +64,7 @@ class CancelsubscriptionAction extends FormAction
             common_debug('Tried to cancel a non-existing pending subscription');
         }
 
-        if (StatusNet::isAjax()) {
+        if (GNUsocial::isAjax()) {
             $this->startHTML('text/xml;charset=utf-8');
             $this->elementStart('head');
             // TRANS: Title after unsubscribing from a group.
@@ -82,10 +76,7 @@ class CancelsubscriptionAction extends FormAction
             $this->elementEnd('body');
             $this->endHTML();
             exit();
-        } else {
+        }
-            common_redirect(common_local_url('subscriptions',
+        common_redirect(common_local_url('subscriptions', array('nickname' => $this->scoped->getNickname())), 303);
-                                             array('nickname' => $this->scoped->nickname)),
-                            303);
-        }
     }
 }

actions/conversation.php

@@ -49,24 +49,9 @@ class ConversationAction extends ManagedAction
     var $page        = null;
     var $notices     = null;
 
-    /**
+    protected function doPreparation()
-     * Initialization.
-     *
-     * @param array $args Web and URL arguments
-     *
-     * @return boolean false if id not passed in
-     */
-    protected function prepare(array $args=array())
     {
-        parent::prepare($args);
+        $this->conv = Conversation::getByID($this->int('id'));
-        $convId = $this->int('id');
-
-        $this->conv = Conversation::getKV('id', $convId);
-        if (!$this->conv instanceof Conversation) {
-            throw new ClientException('Could not find specified conversation');
-        }
-
-        return true;
     }
 
     /**
@@ -90,14 +75,14 @@ class ConversationAction extends ManagedAction
     function showContent()
     {
         if (Event::handle('StartShowConversation', array($this, $this->conv, $this->scoped))) {
-            $notices = $this->conv->getNotices();
+            $notices = $this->conv->getNotices($this->scoped);
             $nl = new FullThreadedNoticeList($notices, $this, $this->scoped);
             $cnt = $nl->show();
         }
         Event::handle('EndShowConversation', array($this, $this->conv, $this->scoped));
     }
 
-    function isReadOnly()
+    function isReadOnly($args)
     {
         return true;
     }
@@ -108,7 +93,7 @@ class ConversationAction extends ManagedAction
         return array(new Feed(Feed::JSON,
                               common_local_url('apiconversation',
                                                array(
-                                                    'id' => $this->conv->id,
+                                                    'id' => $this->conv->getID(),
                                                     'format' => 'as')),
                               // TRANS: Title for link to notice feed.
                               // TRANS: %s is a user nickname.
@@ -116,7 +101,7 @@ class ConversationAction extends ManagedAction
                      new Feed(Feed::RSS2,
                               common_local_url('apiconversation',
                                                array(
-                                                    'id' => $this->conv->id,
+                                                    'id' => $this->conv->getID(),
                                                     'format' => 'rss')),
                               // TRANS: Title for link to notice feed.
                               // TRANS: %s is a user nickname.
@@ -124,11 +109,11 @@ class ConversationAction extends ManagedAction
                      new Feed(Feed::ATOM,
                               common_local_url('apiconversation',
                                                array(
-                                                    'id' => $this->conv->id,
+                                                    'id' => $this->conv->getID(),
                                                     'format' => 'atom')),
                               // TRANS: Title for link to notice feed.
                               // TRANS: %s is a user nickname.
-                              _('Conversation feed (Activity Streams JSON)')));
+                              _('Conversation feed (Atom)')));
     }
 }
 

actions/deletenotice.php

@@ -28,80 +28,24 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 // @todo FIXME: documentation needed.
-class DeletenoticeAction extends Action
+class DeletenoticeAction extends FormAction
 {
-    var $error        = null;
+    protected $notice = null;
-    var $user         = null;
-    var $notice       = null;
-    var $profile      = null;
-    var $user_profile = null;
 
-    function prepare($args)
+    protected function doPreparation()
     {
-        parent::prepare($args);
+        $this->notice = Notice::getByID($this->trimmed('notice'));
 
-        $this->user   = common_current_user();
+        if (!$this->scoped->sameAs($this->notice->getProfile()) &&
-
+                   !$this->scoped->hasRight(Right::DELETEOTHERSNOTICE)) {
-        if (!$this->user) {
-            // TRANS: Error message displayed when trying to perform an action that requires a logged in user.
-            common_user_error(_('Not logged in.'));
-            exit;
-        }
-
-        $notice_id    = $this->trimmed('notice');
-        $this->notice = Notice::getKV($notice_id);
-
-        if (!$this->notice) {
-            // TRANS: Error message displayed trying to delete a non-existing notice.
-            common_user_error(_('No such notice.'));
-            exit;
-        }
-
-        $this->profile      = $this->notice->getProfile();
-        $this->user_profile = $this->user->getProfile();
-
-        return true;
-    }
-
-    function handle($args)
-    {
-        parent::handle($args);
-
-        if ($this->notice->profile_id != $this->user_profile->id &&
-                   !$this->user->hasRight(Right::DELETEOTHERSNOTICE)) {
             // TRANS: Error message displayed trying to delete a notice that was not made by the current user.
-            common_user_error(_('Cannot delete this notice.'));
+            $this->clientError(_('Cannot delete this notice.'));
-            exit;
-        }
-        // XXX: Ajax!
-
-        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-            $this->deleteNotice();
-        } else if ($_SERVER['REQUEST_METHOD'] == 'GET') {
-            $this->showForm();
-        }
         }
 
-    /**
+        $this->formOpts['notice'] = $this->notice;
-     * Show the page notice
-     *
-     * Shows instructions for the page
-     *
-     * @return void
-     */
-    function showPageNotice()
-    {
-        $instr  = $this->getInstructions();
-        $output = common_markup_to_html($instr);
-
-        $this->elementStart('div', 'instructions');
-        $this->raw($output);
-        $this->elementEnd('div');
     }
 
     function getInstructions()
@@ -117,84 +61,15 @@ class DeletenoticeAction extends Action
         return _('Delete notice');
     }
 
-    /**
+    protected function doPost()
-     * Wrapper for showing a page
-     *
-     * Stores an error and shows the page
-     *
-     * @param string $error Error, if any
-     *
-     * @return void
-     */
-    function showForm($error = null)
     {
-        $this->error = $error;
-        $this->showPage();
-    }
-
-    /**
-     * Insert delete notice form into the content
-     *
-     * @return void
-     */
-    function showContent()
-    {
-        $this->elementStart('form', array('id' => 'form_notice_delete',
-                                          'class' => 'form_settings',
-                                          'method' => 'post',
-                                          'action' => common_local_url('deletenotice')));
-        $this->elementStart('fieldset');
-        // TRANS: Fieldset legend for the delete notice form.
-        $this->element('legend', null, _('Delete notice'));
-        $this->hidden('token', common_session_token());
-        $this->hidden('notice', $this->trimmed('notice'));
-        // TRANS: Message for the delete notice form.
-        $this->element('p', null, _('Are you sure you want to delete this notice?'));
-        $this->submit('form_action-no',
-                      // TRANS: Button label on the delete notice form.
-                      _m('BUTTON','No'),
-                      'submit form_action-primary',
-                      'no',
-                      // TRANS: Submit button title for 'No' when deleting a notice.
-                      _('Do not delete this notice.'));
-        $this->submit('form_action-yes',
-                      // TRANS: Button label on the delete notice form.
-                      _m('BUTTON','Yes'),
-                      'submit form_action-secondary',
-                      'yes',
-                      // TRANS: Submit button title for 'Yes' when deleting a notice.
-                      _('Delete this notice.'));
-        $this->elementEnd('fieldset');
-        $this->elementEnd('form');
-    }
-
-    function deleteNotice()
-    {
-        // CSRF protection
-        $token = $this->trimmed('token');
-
-        if (!$token || $token != common_session_token()) {
-            // TRANS: Client error displayed when the session token does not match or is not given.
-            $this->showForm(_('There was a problem with your session token. ' .
-                              'Try again, please.'));
-            return;
-        }
-
         if ($this->arg('yes')) {
-            if (Event::handle('StartDeleteOwnNotice', array($this->user, $this->notice))) {
+            if (Event::handle('StartDeleteOwnNotice', array($this->scoped->getUser(), $this->notice))) {
-                $this->notice->delete();
+                $this->notice->deleteAs($this->scoped);
-                Event::handle('EndDeleteOwnNotice', array($this->user, $this->notice));
+                Event::handle('EndDeleteOwnNotice', array($this->scoped->getUser(), $this->notice));
             }
         }
 
-        $url = common_get_returnto();
+        common_redirect(common_get_returnto(), 303);
-
-        if ($url) {
-            common_set_returnto(null);
-        } else {
-            $url = common_local_url('public');
-        }
-
-        common_redirect($url, 303);
     }
 }

actions/deleteuser.php

@@ -27,9 +27,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Delete a user
@@ -44,33 +42,30 @@ class DeleteuserAction extends ProfileFormAction
 {
     var $user = null;
 
-    /**
+    function prepare(array $args=array())
-     * Take arguments for running
-     *
-     * @param array $args $_REQUEST args
-     *
-     * @return boolean success flag
-     */
-    function prepare($args)
     {
         if (!parent::prepare($args)) {
             return false;
         }
 
-        $cur = common_current_user();
+        assert($this->scoped instanceof Profile);
 
-        assert(!empty($cur)); // checked by parent
+        if (!$this->scoped->hasRight(Right::DELETEUSER)) {
-
-        if (!$cur->hasRight(Right::DELETEUSER)) {
             // TRANS: Client error displayed when trying to delete a user without having the right to delete users.
-            $this->clientError(_('You cannot delete users.'));
+            throw new AuthorizationException(_('You cannot delete users.'));
         }
 
-        $this->user = User::getKV('id', $this->profile->id);
+        try {
-
+            $this->user = $this->profile->getUser();
-        if (empty($this->user)) {
+        } catch (NoSuchUserException $e) {
             // TRANS: Client error displayed when trying to delete a non-local user.
-            $this->clientError(_('You can only delete local users.'));
+            throw new ClientException(_('You can only delete local users.'));
+        }
+
+        // Only administrators can delete other privileged users (such as others who have the right to silence).
+        if ($this->profile->isPrivileged() && !$this->scoped->hasRole(Profile_role::ADMINISTRATOR)) {
+            // TRANS: Client error displayed when trying to delete a user that has been granted moderation privileges
+            throw new AuthorizationException(_('You cannot delete other privileged users.'));
         }
 
         return true;

actions/doc.php

@@ -28,9 +28,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Documentation class.
@@ -42,16 +40,14 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
  * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
  * @link     http://status.net/
  */
-class DocAction extends Action
+class DocAction extends ManagedAction
 {
     var $output   = null;
     var $filename = null;
     var $title    = null;
 
-    function prepare($args)
+    protected function doPreparation()
     {
-        parent::prepare($args);
-
         $this->title  = $this->trimmed('title');
         if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
             $this->title = 'help';
@@ -59,52 +55,11 @@ class DocAction extends Action
         $this->output = null;
 
         $this->loadDoc();
-        return true;
     }
 
-    /**
+    public function title()
-     * Handle a request
-     *
-     * @param array $args array of arguments
-     *
-     * @return nothing
-     */
-    function handle($args)
     {
-        parent::handle($args);
+        return ucfirst($this->title);
-        $this->showPage();
-    }
-
-    /**
-     * Page title
-     *
-     * Gives the page title of the document. Override default for hAtom entry.
-     *
-     * @return void
-     */
-    function showPageTitle()
-    {
-        $this->element('h1', array('class' => 'entry-title'), $this->title());
-    }
-
-    /**
-     * Block for content.
-     *
-     * Overrides default from Action to wrap everything in an hAtom entry.
-     *
-     * @return void.
-     */
-    function showContentBlock()
-    {
-        $this->elementStart('div', array('id' => 'content', 'class' => 'h-entry'));
-        $this->showPageTitle();
-        $this->showPageNoticeBlock();
-        $this->elementStart('div', array('id' => 'content_inner',
-                                         'class' => 'e-content'));
-        // show the actual content (forms, lists, whatever)
-        $this->showContent();
-        $this->elementEnd('div');
-        $this->elementEnd('div');
     }
 
     /**
@@ -119,16 +74,9 @@ class DocAction extends Action
         $this->raw($this->output);
     }
 
-    /**
+    function showNoticeForm()
-     * Page title.
-     *
-     * Uses the title of the document.
-     *
-     * @return page title
-     */
-    function title()
     {
-        return ucfirst($this->title);
+        // no notice form
     }
 
     /**
@@ -174,11 +122,15 @@ class DocNav extends Menu
 {
     function show()
     {
+        if (Event::handle('StartDocNav', array($this))) {
             $stub = new HomeStubNav($this->action);
             $this->submenu(_m('MENU','Home'), $stub);
 
             $docs = new DocListNav($this->action);
             $this->submenu(_m('MENU','Docs'), $docs);
+            
+            Event::handle('EndDocNav', array($this));
+        }
     }
 }
 

actions/emailsettings.php

@@ -28,11 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-
 
 /**
  * Settings for email
@@ -91,7 +87,7 @@ class EmailsettingsAction extends SettingsAction
      */
     function showContent()
     {
-        $user = common_current_user();
+        $user = $this->scoped->getUser();
 
         $this->elementStart('form', array('method' => 'post',
                                           'id' => 'form_settings_email',
@@ -112,8 +108,8 @@ class EmailsettingsAction extends SettingsAction
             // TRANS: Button label to remove a confirmed e-mail address.
             $this->submit('remove', _m('BUTTON','Remove'));
         } else {
+            try {
                 $confirm = $this->getConfirmation();
-            if ($confirm) {
                 $this->element('p', array('id' => 'form_unconfirmed'), $confirm->address);
                 $this->element('p', array('class' => 'form_note'),
                                         // TRANS: Form note in e-mail settings form.
@@ -123,12 +119,12 @@ class EmailsettingsAction extends SettingsAction
                 $this->hidden('email', $confirm->address);
                 // TRANS: Button label to cancel an e-mail address confirmation procedure.
                 $this->submit('cancel', _m('BUTTON','Cancel'));
-            } else {
+            } catch (NoResultException $e) {
                 $this->elementStart('ul', 'form_data');
                 $this->elementStart('li');
                 // TRANS: Field label for e-mail address input in e-mail settings form.
                 $this->input('email', _('Email address'),
-                             ($this->arg('email')) ? $this->arg('email') : null,
+                             $this->trimmed('email') ?: null,
                              // TRANS: Instructions for e-mail address input form. Do not translate
                              // TRANS: "example.org". It is one of the domain names reserved for
                              // TRANS: use in examples by http://www.rfc-editor.org/rfc/rfc2606.txt.
@@ -231,12 +227,6 @@ class EmailsettingsAction extends SettingsAction
                             _('Allow friends to nudge me and send me an email.'),
                             $user->emailnotifynudge);
             $this->elementEnd('li');
-            $this->elementStart('li');
-            $this->checkbox('emailmicroid',
-                            // TRANS: Checkbox label in e-mail preferences form.
-                            _('Publish a MicroID for my email address.'),
-                            $user->emailmicroid);
-            $this->elementEnd('li');
             Event::handle('EndEmailFormData', array($this, $this->scoped));
         }
         $this->elementEnd('ul');
@@ -254,56 +244,36 @@ class EmailsettingsAction extends SettingsAction
      */
     function getConfirmation()
     {
-        $user = common_current_user();
-
         $confirm = new Confirm_address();
 
-        $confirm->user_id      = $user->id;
+        $confirm->user_id      = $this->scoped->getID();
         $confirm->address_type = 'email';
 
         if ($confirm->find(true)) {
             return $confirm;
-        } else {
-            return null;
-        }
         }
 
-    /**
+        throw new NoResultException($confirm);
-     * Handle posts
+    }
-     *
+
-     * Since there are a lot of different options on the page, we
+    protected function doPost()
-     * figure out what we're supposed to do based on which button was
-     * pushed
-     *
-     * @return void
-     */
-    function handlePost()
     {
-        // CSRF protection
+        if ($this->arg('save')) {
-        $token = $this->trimmed('token');
+            return $this->savePreferences();
-        if (!$token || $token != common_session_token()) {
+        } else if ($this->arg('add')) {
-            // TRANS: Client error displayed when the session token does not match or is not given.
+            return $this->addAddress();
-            $this->show_form(_('There was a problem with your session token. '.
+        } else if ($this->arg('cancel')) {
-                               'Try again, please.'));
+            return $this->cancelConfirmation();
-            return;
+        } else if ($this->arg('remove')) {
+            return $this->removeAddress();
+        } else if ($this->arg('removeincoming')) {
+            return $this->removeIncoming();
+        } else if ($this->arg('newincoming')) {
+            return $this->newIncoming();
         }
 
-        if ($this->arg('save')) {
-            $this->savePreferences();
-        } else if ($this->arg('add')) {
-            $this->addAddress();
-        } else if ($this->arg('cancel')) {
-            $this->cancelConfirmation();
-        } else if ($this->arg('remove')) {
-            $this->removeAddress();
-        } else if ($this->arg('removeincoming')) {
-            $this->removeIncoming();
-        } else if ($this->arg('newincoming')) {
-            $this->newIncoming();
-        } else {
         // TRANS: Message given submitting a form with an unknown action in e-mail settings.
-            $this->showForm(_('Unexpected form submission.'));
+        throw new ClientException(_('Unexpected form submission.'));
-        }
     }
 
     /**
@@ -313,44 +283,38 @@ class EmailsettingsAction extends SettingsAction
      */
     function savePreferences()
     {
-        $user = common_current_user();
-
         if (Event::handle('StartEmailSaveForm', array($this, $this->scoped))) {
-            $emailnotifysub   = $this->boolean('emailnotifysub');
+            $emailnotifysub   = $this->booleanintstring('emailnotifysub');
-            $emailnotifymsg   = $this->boolean('emailnotifymsg');
+            $emailnotifymsg   = $this->booleanintstring('emailnotifymsg');
-            $emailnotifynudge = $this->boolean('emailnotifynudge');
+            $emailnotifynudge = $this->booleanintstring('emailnotifynudge');
-            $emailnotifyattn  = $this->boolean('emailnotifyattn');
+            $emailnotifyattn  = $this->booleanintstring('emailnotifyattn');
-            $emailmicroid     = $this->boolean('emailmicroid');
+            $emailpost        = $this->booleanintstring('emailpost');
-            $emailpost        = $this->boolean('emailpost');
-
-            assert(!is_null($user)); // should already be checked
 
+            $user = $this->scoped->getUser();
             $user->query('BEGIN');
-
             $original = clone($user);
 
             $user->emailnotifysub   = $emailnotifysub;
             $user->emailnotifymsg   = $emailnotifymsg;
             $user->emailnotifynudge = $emailnotifynudge;
             $user->emailnotifyattn  = $emailnotifyattn;
-            $user->emailmicroid     = $emailmicroid;
             $user->emailpost        = $emailpost;
 
             $result = $user->update($original);
 
             if ($result === false) {
                 common_log_db_error($user, 'UPDATE', __FILE__);
+                $user->query('ROLLBACK');
                 // TRANS: Server error thrown on database error updating e-mail preferences.
-                $this->serverError(_('Could not update user.'));
+                throw new ServerException(_('Could not update user.'));
             }
 
             $user->query('COMMIT');
 
             Event::handle('EndEmailSaveForm', array($this, $this->scoped));
-
-            // TRANS: Confirmation message for successful e-mail preferences save.
-            $this->showForm(_('Email preferences saved.'), true);
         }
+        // TRANS: Confirmation message for successful e-mail preferences save.
+        return _('Email preferences saved.');
     }
 
     /**
@@ -360,38 +324,32 @@ class EmailsettingsAction extends SettingsAction
      */
     function addAddress()
     {
-        $user = common_current_user();
+        $user = $this->scoped->getUser();
 
         $email = $this->trimmed('email');
 
         // Some validation
 
-        if (!$email) {
+        if (empty($email)) {
             // TRANS: Message given saving e-mail address without having provided one.
-            $this->showForm(_('No email address.'));
+            throw new ClientException(_('No email address.'));
-            return;
         }
 
         $email = common_canonical_email($email);
 
-        if (!$email) {
+        if (empty($email)) {
             // TRANS: Message given saving e-mail address that cannot be normalised.
-            $this->showForm(_('Cannot normalize that email address.'));
+            throw new ClientException(_('Cannot normalize that email address.'));
-            return;
         }
         if (!Validate::email($email, common_config('email', 'check_domain'))) {
             // TRANS: Message given saving e-mail address that not valid.
-            $this->showForm(_('Not a valid email address.'));
+            throw new ClientException(_('Not a valid email address.'));
-            return;
         } else if ($user->email == $email) {
             // TRANS: Message given saving e-mail address that is already set.
-            $this->showForm(_('That is already your email address.'));
+            throw new ClientException(_('That is already your email address.'));
-            return;
         } else if ($this->emailExists($email)) {
             // TRANS: Message given saving e-mail address that is already set for another user.
-            $this->showForm(_('That email address already belongs '.
+            throw new ClientException(_('That email address already belongs to another user.'));
-                              'to another user.'));
-            return;
         }
 
         if (Event::handle('StartAddEmailAddress', array($user, $email))) {
@@ -400,7 +358,7 @@ class EmailsettingsAction extends SettingsAction
 
             $confirm->address      = $email;
             $confirm->address_type = 'email';
-            $confirm->user_id      = $user->id;
+            $confirm->user_id      = $user->getID();
             $confirm->code         = common_confirmation_code(64);
 
             $result = $confirm->insert();
@@ -408,20 +366,19 @@ class EmailsettingsAction extends SettingsAction
             if ($result === false) {
                 common_log_db_error($confirm, 'INSERT', __FILE__);
                 // TRANS: Server error thrown on database error adding e-mail confirmation code.
-                $this->serverError(_('Could not insert confirmation code.'));
+                throw new ServerException(_('Could not insert confirmation code.'));
             }
 
-            mail_confirm_address($user, $confirm->code, $user->nickname, $email);
+            common_debug('Sending confirmation address for user '.$user->getID().' to email '.$email);
+            mail_confirm_address($user, $confirm->code, $user->getNickname(), $email);
 
             Event::handle('EndAddEmailAddress', array($user, $email));
         }
 
         // TRANS: Message given saving valid e-mail address that is to be confirmed.
-        $msg = _('A confirmation code was sent to the email address you added. '.
+        return _('A confirmation code was sent to the email address you added. '.
                  'Check your inbox (and spam box!) for the code and instructions '.
                  'on how to use it.');
-
-        $this->showForm($msg, true);
     }
 
     /**
@@ -431,31 +388,29 @@ class EmailsettingsAction extends SettingsAction
      */
     function cancelConfirmation()
     {
-        $email = $this->arg('email');
+        $email = $this->trimmed('email');
 
+        try {
             $confirm = $this->getConfirmation();
-
+            if ($confirm->address !== $email) {
-        if (!$confirm) {
-            // TRANS: Message given canceling e-mail address confirmation that is not pending.
-            $this->showForm(_('No pending confirmation to cancel.'));
-            return;
-        }
-        if ($confirm->address != $email) {
                 // TRANS: Message given canceling e-mail address confirmation for the wrong e-mail address.
-            $this->showForm(_('That is the wrong email address.'));
+                throw new ClientException(_('That is the wrong email address.'));
-            return;
+            }
+        } catch (NoResultException $e) {
+            // TRANS: Message given canceling e-mail address confirmation that is not pending.
+            throw new AlreadyFulfilledException(_('No pending confirmation to cancel.'));
         }
 
         $result = $confirm->delete();
 
-        if (!$result) {
+        if ($result === false) {
             common_log_db_error($confirm, 'DELETE', __FILE__);
             // TRANS: Server error thrown on database error canceling e-mail address confirmation.
-            $this->serverError(_('Could not delete email confirmation.'));
+            throw new ServerException(_('Could not delete email confirmation.'));
         }
 
         // TRANS: Message given after successfully canceling e-mail address confirmation.
-        $this->showForm(_('Email confirmation cancelled.'), true);
+        return _('Email confirmation cancelled.');
     }
 
     /**
@@ -467,26 +422,22 @@ class EmailsettingsAction extends SettingsAction
     {
         $user = common_current_user();
 
-        $email = $this->arg('email');
+        $email = $this->trimmed('email');
 
         // Maybe an old tab open...?
-
+        if ($user->email !== $email) {
-        if ($user->email != $email) {
             // TRANS: Message given trying to remove an e-mail address that is not
             // TRANS: registered for the active user.
-            $this->showForm(_('That is not your email address.'));
+            throw new ClientException(_('That is not your email address.'));
-            return;
         }
 
         $original = clone($user);
-
         $user->email = null;
-
         // Throws exception on failure. Also performs it within a transaction.
         $user->updateWithKeys($original);
 
         // TRANS: Message given after successfully removing a registered e-mail address.
-        $this->showForm(_('The email address was removed.'), true);
+        return _('The email address was removed.');
     }
 
     /**
@@ -498,22 +449,19 @@ class EmailsettingsAction extends SettingsAction
     {
         $user = common_current_user();
 
-        if (!$user->incomingemail) {
+        if (empty($user->incomingemail)) {
             // TRANS: Form validation error displayed when trying to remove an incoming e-mail address while no address has been set.
-            $this->showForm(_('No incoming email address.'));
+            throw new AlreadyFulfilledException(_('No incoming email address.'));
-            return;
         }
 
         $orig = clone($user);
-
         $user->incomingemail = null;
         $user->emailpost = 0;
-
         // Throws exception on failure. Also performs it within a transaction.
         $user->updateWithKeys($orig);
 
         // TRANS: Message given after successfully removing an incoming e-mail address.
-        $this->showForm(_('Incoming email address removed.'), true);
+        return _('Incoming email address removed.');
     }
 
     /**
@@ -524,17 +472,14 @@ class EmailsettingsAction extends SettingsAction
     function newIncoming()
     {
         $user = common_current_user();
-
         $orig = clone($user);
-
         $user->incomingemail = mail_new_incoming_address();
         $user->emailpost = 1;
-
         // Throws exception on failure. Also performs it within a transaction.
         $user->updateWithKeys($orig);
 
         // TRANS: Message given after successfully adding an incoming e-mail address.
-        $this->showForm(_('New incoming email address added.'), true);
+        return _('New incoming email address added.');
     }
 
     /**
@@ -553,10 +498,10 @@ class EmailsettingsAction extends SettingsAction
 
         $other = User::getKV('email', $email);
 
-        if (!$other) {
+        if (!$other instanceof User) {
             return false;
-        } else {
+        }
+
         return $other->id != $user->id;
     }
 }
-}

actions/foaf.php

@@ -17,24 +17,22 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
+if (!defined('GNUSOCIAL')) { exit(1); }
 
 define('LISTENER', 1);
 define('LISTENEE', -1);
 define('BOTH', 0);
 
 // @todo XXX: Documentation missing.
-class FoafAction extends Action
+class FoafAction extends ManagedAction
 {
     function isReadOnly($args)
     {
         return true;
     }
 
-    function prepare($args)
+    protected function doPreparation()
     {
-        parent::prepare($args);
-
         $nickname_arg = $this->arg('nickname');
 
         if (empty($nickname_arg)) {
@@ -69,10 +67,8 @@ class FoafAction extends Action
         return true;
     }
 
-    function handle($args)
+    public function showPage()
     {
-        parent::handle($args);
-
         header('Content-Type: application/rdf+xml');
 
         $this->startXML();
@@ -94,7 +90,7 @@ class FoafAction extends Action
 
         // Would be nice to tell if they were a Person or not (e.g. a #person usertag?)
         $this->elementStart('Agent', array('rdf:about' => $this->user->getUri()));
-        if ($this->user->email) {
+        if (common_config('foaf', 'mbox_sha1sum') && $this->user->email) {
             $this->element('mbox_sha1sum', null, sha1('mailto:' . $this->user->email));
         }
         if ($this->profile->fullname) {

actions/groupbyid.php

@@ -28,12 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once INSTALLDIR.'/lib/noticelist.php';
-require_once INSTALLDIR.'/lib/feedlist.php';
 
 /**
  * Permalink for a group
@@ -47,53 +42,22 @@ require_once INSTALLDIR.'/lib/feedlist.php';
  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link     http://status.net/
  */
-class GroupbyidAction extends Action
+class GroupbyidAction extends ManagedAction
 {
     /** group we're viewing. */
-    var $group = null;
+    protected $group = null;
 
-    /**
-     * Is this page read-only?
-     *
-     * @return boolean true
-     */
     function isReadOnly($args)
     {
         return true;
     }
 
-    function prepare($args)
+    protected function doPreparation()
     {
-        parent::prepare($args);
+        $this->group = User_group::getByID($this->arg('id'));
-
-        $id = $this->arg('id');
-
-        if (!$id) {
-            // TRANS: Client error displayed referring to a group's permalink without providing a group ID.
-            $this->clientError(_('No ID.'));
     }
 
-        common_debug("Got ID $id");
+    public function showPage()
-
-        $this->group = User_group::getKV('id', $id);
-
-        if (!$this->group) {
-            // TRANS: Client error displayed referring to a group's permalink for a non-existing group ID.
-            $this->clientError(_('No such group.'), 404);
-        }
-
-        return true;
-    }
-
-    /**
-     * Handle the request
-     *
-     * Shows a profile for the group, some controls, and a list of
-     * group notices.
-     *
-     * @return void
-     */
-    function handle($args)
     {
         common_redirect($this->group->homeUrl(), 303);
     }

actions/grouplogo.php

@@ -28,13 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-
-
-define('MAX_ORIGINAL', 480);
 
 /**
  * Upload an avatar
@@ -390,13 +384,20 @@ class GrouplogoAction extends GroupAction
         $dest_y = $this->arg('avatar_crop_y') ? $this->arg('avatar_crop_y'):0;
         $dest_w = $this->arg('avatar_crop_w') ? $this->arg('avatar_crop_w'):$filedata['width'];
         $dest_h = $this->arg('avatar_crop_h') ? $this->arg('avatar_crop_h'):$filedata['height'];
-        $size = min($dest_w, $dest_h);
+        $size = min($dest_w, $dest_h, common_config('avatar', 'maxsize'));
-        $size = ($size > MAX_ORIGINAL) ? MAX_ORIGINAL:$size;
+        $box = array('width' => $size, 'height' => $size,
+                     'x' => $dest_x,   'y' => $dest_y,
+                     'w' => $dest_w,   'h' => $dest_h);
 
-        $imagefile = new ImageFile($this->group->id, $filedata['filepath']);
+        $profile = $this->group->getProfile();
-        $filename = $imagefile->resize($size, $dest_x, $dest_y, $dest_w, $dest_h);
 
-        if ($this->group->setOriginal($filename)) {
+        $imagefile = new ImageFile(null, $filedata['filepath']);
+        $filename = Avatar::filename($profile->getID(), image_type_to_extension($imagefile->preferredType()),
+                                     $size, common_timestamp());
+
+        $imagefile->resizeTo(Avatar::path($filename), $box);
+
+        if ($profile->setOriginal($filename)) {
             @unlink($filedata['filepath']);
             unset($_SESSION['FILEDATA']);
             $this->mode = 'upload';

actions/grouprss.php

@@ -28,11 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once INSTALLDIR.'/lib/rssaction.php';
 
 define('MEMBERS_PER_SECTION', 27);
 
@@ -45,10 +41,10 @@ define('MEMBERS_PER_SECTION', 27);
  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link     http://status.net/
  */
-class groupRssAction extends Rss10Action
+class GroupRssAction extends TargetedRss10Action
 {
     /** group we're viewing. */
-    var $group = null;
+    protected $group = null;
 
     /**
      * Is this page read-only?
@@ -60,18 +56,8 @@ class groupRssAction extends Rss10Action
         return true;
     }
 
-    /**
+    protected function doStreamPreparation()
-     * Prepare the action
-     *
-     * Reads and validates arguments and instantiates the attributes.
-     *
-     * @param array $args $_REQUEST args
-     *
-     * @return boolean success flag
-     */
-    function prepare($args)
     {
-        parent::prepare($args);
 
         $nickname_arg = $this->arg('nickname');
         $nickname = common_canonical_nickname($nickname_arg);
@@ -90,52 +76,32 @@ class groupRssAction extends Rss10Action
 
         $local = Local_group::getKV('nickname', $nickname);
 
-        if (!$local) {
+        if (!$local instanceof Local_group) {
             // TRANS: Client error displayed when requesting a group RSS feed for group that does not exist.
             $this->clientError(_('No such group.'), 404);
         }
 
-        $this->group = User_group::getKV('id', $local->group_id);
+        $this->group = $local->getGroup();
-
+        $this->target = $this->group->getProfile();
-        if (!$this->group) {
-            // TRANS: Client error displayed when requesting a group RSS feed for an object that is not a group.
-            $this->clientError(_('No such group.'), 404);
     }
 
-        $this->notices = $this->getNotices($this->limit);
+    protected function getNotices()
-        return true;
-    }
-
-    function getNotices($limit=0)
     {
-        $group = $this->group;
+        $stream = $this->group->getNotices(0, $this->limit);
-
+        return $stream->fetchAll();
-        if (is_null($group)) {
-            return null;
-        }
-
-        $notices = array();
-        $notice = $group->getNotices(0, ($limit == 0) ? NOTICES_PER_PAGE : $limit);
-
-        while ($notice->fetch()) {
-            $notices[] = clone($notice);
-        }
-
-        return $notices;
     }
 
     function getChannel()
     {
-        $group = $this->group;
         $c = array('url' => common_local_url('grouprss',
                                              array('nickname' =>
-                                                   $group->nickname)),
+                                                   $this->target->getNickname())),
                    // TRANS: Message is used as link title. %s is a user nickname.
-                   'title' => sprintf(_('%s timeline'), $group->nickname),
+                   'title' => sprintf(_('%s timeline'), $this->target->getNickname()),
-                   'link' => common_local_url('showgroup', array('nickname' => $group->nickname)),
+                   'link' => common_local_url('showgroup', array('nickname' => $this->target->getNickname())),
                    // TRANS: Message is used as link description. %1$s is a group name, %2$s is a site name.
                    'description' => sprintf(_('Updates from members of %1$s on %2$s!'),
-                                            $group->nickname, common_config('site', 'name')));
+                                            $this->target->getNickname(), common_config('site', 'name')));
         return $c;
     }
 

actions/imsettings.php

@@ -27,9 +27,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Settings for Jabber/XMPP integration
@@ -118,8 +116,8 @@ class ImsettingsAction extends SettingsAction
                 // TRANS: Button label to remove a confirmed IM address.
                 $this->submit('remove', _m('BUTTON','Remove'));
             } else {
+                try {
                     $confirm = $this->getConfirmation($transport);
-                if ($confirm) {
                     $this->element('p', 'form_unconfirmed', $confirm->address);
                     // TRANS: Form note in IM settings form.
                     $this->element('p', 'form_note',
@@ -134,7 +132,7 @@ class ImsettingsAction extends SettingsAction
                     $this->hidden('screenname', $confirm->address);
                     // TRANS: Button label to cancel an IM address confirmation procedure.
                     $this->submit('cancel', _m('BUTTON','Cancel'));
-                } else {
+                } catch (NoResultException $e) {
                     $this->elementStart('ul', 'form_data');
                     $this->elementStart('li');
                     // TRANS: Field label for IM address.
@@ -179,8 +177,6 @@ class ImsettingsAction extends SettingsAction
                 // TRANS: Checkbox label in IM preferences form.
                 array('name'=>'replies', 'description'=>_('Send me replies '.
                               'from people I\'m not subscribed to.')),
-                // TRANS: Checkbox label in IM preferences form.
-                array('name'=>'microid', 'description'=>_('Publish a MicroID'))
             );
             foreach($preferences as $preference)
             {
@@ -211,57 +207,35 @@ class ImsettingsAction extends SettingsAction
      */
     function getConfirmation($transport)
     {
-        $user = common_current_user();
-
         $confirm = new Confirm_address();
 
-        $confirm->user_id      = $user->id;
+        $confirm->user_id      = $this->scoped->getID();
         $confirm->address_type = $transport;
 
         if ($confirm->find(true)) {
             return $confirm;
-        } else {
-            return null;
-        }
         }
 
-    /**
+        throw new NoResultException($confirm);
-     * Handle posts to this form
+    }
-     *
+
-     * Based on the button that was pressed, muxes out to other functions
+    protected function doPost()
-     * to do the actual task requested.
-     *
-     * All sub-functions reload the form with a message -- success or failure.
-     *
-     * @return void
-     */
-    function handlePost()
     {
-        // CSRF protection
-        $token = $this->trimmed('token');
-        if (!$token || $token != common_session_token()) {
-            // TRANS: Client error displayed when the session token does not match or is not given.
-            $this->showForm(_('There was a problem with your session token. '.
-                              'Try again, please.'));
-            return;
-        }
-
         if ($this->arg('save')) {
-            $this->savePreferences();
+            return $this->savePreferences();
         } else if ($this->arg('add')) {
-            $this->addAddress();
+            return $this->addAddress();
         } else if ($this->arg('cancel')) {
-            $this->cancelConfirmation();
+            return $this->cancelConfirmation();
         } else if ($this->arg('remove')) {
-            $this->removeAddress();
+            return $this->removeAddress();
-        } else {
-            // TRANS: Message given submitting a form with an unknown action in Instant Messaging settings.
-            $this->showForm(_('Unexpected form submission.'));
         }
+        // TRANS: Message given submitting a form with an unknown action in Instant Messaging settings.
+        throw new ClientException(_('Unexpected form submission.'));
     }
 
     /**
-     * Save user's Jabber preferences
+     * Save user's XMPP preferences
      *
      * These are the checkboxes at the bottom of the page. They're used to
      * set different settings
@@ -270,14 +244,12 @@ class ImsettingsAction extends SettingsAction
      */
     function savePreferences()
     {
-        $user = common_current_user();
-
         $user_im_prefs = new User_im_prefs();
         $user_im_prefs->query('BEGIN');
-        $user_im_prefs->user_id = $user->id;
+        $user_im_prefs->user_id = $this->scoped->getID();
         if($user_im_prefs->find() && $user_im_prefs->fetch())
         {
-            $preferences = array('notify', 'updatefrompresence', 'replies', 'microid');
+            $preferences = array('notify', 'updatefrompresence', 'replies');
             do
             {
                 $original = clone($user_im_prefs);
@@ -289,15 +261,15 @@ class ImsettingsAction extends SettingsAction
                 $result = $new->update($original);
 
                 if ($result === false) {
-                    common_log_db_error($user, 'UPDATE', __FILE__);
+                    common_log_db_error($user_im_prefs, 'UPDATE', __FILE__);
                     // TRANS: Server error thrown on database error updating IM preferences.
-                    $this->serverError(_('Could not update IM preferences.'));
+                    throw new ServerException(_('Could not update IM preferences.'));
                 }
             }while($user_im_prefs->fetch());
         }
         $user_im_prefs->query('COMMIT');
         // TRANS: Confirmation message for successful IM preferences save.
-        $this->showForm(_('Preferences saved.'), true);
+        return _('Preferences saved.');
     }
 
     /**
@@ -310,49 +282,42 @@ class ImsettingsAction extends SettingsAction
      */
     function addAddress()
     {
-        $user = common_current_user();
-
         $screenname = $this->trimmed('screenname');
         $transport = $this->trimmed('transport');
 
         // Some validation
 
-        if (!$screenname) {
+        if (empty($screenname)) {
             // TRANS: Message given saving IM address without having provided one.
-            $this->showForm(_('No screenname.'));
+            throw new ClientException(_('No screenname.'));
-            return;
         }
 
-        if (!$transport) {
+        if (empty($transport)) {
             // TRANS: Form validation error when no transport is available setting an IM address.
-            $this->showForm(_('No transport.'));
+            throw new ClientException(_('No transport.'));
-            return;
         }
 
         Event::handle('NormalizeImScreenname', array($transport, &$screenname));
 
-        if (!$screenname) {
+        if (empty($screenname)) {
             // TRANS: Message given saving IM address that cannot be normalised.
-            $this->showForm(_('Cannot normalize that screenname.'));
+            throw new ClientException(_('Cannot normalize that screenname.'));
-            return;
         }
         $valid = false;
         Event::handle('ValidateImScreenname', array($transport, $screenname, &$valid));
         if (!$valid) {
             // TRANS: Message given saving IM address that not valid.
-            $this->showForm(_('Not a valid screenname.'));
+            throw new ClientException(_('Not a valid screenname.'));
-            return;
         } else if ($this->screennameExists($transport, $screenname)) {
             // TRANS: Message given saving IM address that is already set for another user.
-            $this->showForm(_('Screenname already belongs to another user.'));
+            throw new ClientException(_('Screenname already belongs to another user.'));
-            return;
         }
 
         $confirm = new Confirm_address();
 
         $confirm->address      = $screenname;
         $confirm->address_type = $transport;
-        $confirm->user_id      = $user->id;
+        $confirm->user_id      = $this->scoped->getID();
         $confirm->code         = common_confirmation_code(64);
         $confirm->sent         = common_sql_now();
         $confirm->claimed      = common_sql_now();
@@ -365,13 +330,10 @@ class ImsettingsAction extends SettingsAction
             $this->serverError(_('Could not insert confirmation code.'));
         }
 
-        Event::handle('SendImConfirmationCode', array($transport, $screenname, $confirm->code, $user));
+        Event::handle('SendImConfirmationCode', array($transport, $screenname, $confirm->code, $this->scoped));
 
         // TRANS: Message given saving valid IM address that is to be confirmed.
-        $msg = _('A confirmation code was sent '.
+        return _('A confirmation code was sent to the IM address you added.');
-                         'to the IM address you added.');
-
-        $this->showForm($msg, true);
     }
 
     /**
@@ -386,29 +348,27 @@ class ImsettingsAction extends SettingsAction
         $screenname = $this->trimmed('screenname');
         $transport = $this->trimmed('transport');
 
+        try {
             $confirm = $this->getConfirmation($transport);
-
-        if (!$confirm) {
-            // TRANS: Message given canceling Instant Messaging address confirmation that is not pending.
-            $this->showForm(_('No pending confirmation to cancel.'));
-            return;
-        }
             if ($confirm->address != $screenname) {
                 // TRANS: Message given canceling IM address confirmation for the wrong IM address.
-            $this->showForm(_('That is the wrong IM address.'));
+                throw new ClientException(_('That is the wrong IM address.'));
-            return;
+            }
+        } catch (NoResultException $e) {
+            // TRANS: Message given canceling Instant Messaging address confirmation that is not pending.
+            throw new AlreadyFulfilledException(_('No pending confirmation to cancel.'));
         }
 
         $result = $confirm->delete();
 
-        if (!$result) {
+        if ($result === false) {
             common_log_db_error($confirm, 'DELETE', __FILE__);
             // TRANS: Server error thrown on database error canceling IM address confirmation.
-            $this->serverError(_('Could not delete confirmation.'));
+            throw new ServerException(_('Could not delete confirmation.'));
         }
 
         // TRANS: Message given after successfully canceling IM address confirmation.
-        $this->showForm(_('IM confirmation cancelled.'), true);
+        return _('IM confirmation cancelled.');
     }
 
     /**
@@ -420,34 +380,32 @@ class ImsettingsAction extends SettingsAction
      */
     function removeAddress()
     {
-        $user = common_current_user();
-
         $screenname = $this->trimmed('screenname');
         $transport = $this->trimmed('transport');
 
         // Maybe an old tab open...?
 
         $user_im_prefs = new User_im_prefs();
-        $user_im_prefs->user_id = $user->id;
+        $user_im_prefs->user_id = $this->scoped->getID();
-        if(! ($user_im_prefs->find() && $user_im_prefs->fetch())) {
+        $user_im_prefs->transport = $transport;
+        if (!$user_im_prefs->find(true)) {
             // TRANS: Message given trying to remove an IM address that is not
             // TRANS: registered for the active user.
-            $this->showForm(_('That is not your screenname.'));
+            throw new AlreadyFulfilledException(_('There were no preferences stored for this transport.'));
-            return;
         }
 
         $result = $user_im_prefs->delete();
 
-        if (!$result) {
+        if ($result === false) {
-            common_log_db_error($user, 'UPDATE', __FILE__);
+            common_log_db_error($user_im_prefs, 'UPDATE', __FILE__);
             // TRANS: Server error thrown on database error removing a registered IM address.
-            $this->serverError(_('Could not update user IM preferences.'));
+            throw new ServerException(_('Could not update user IM preferences.'));
         }
 
         // XXX: unsubscribe to the old address
 
         // TRANS: Message given after successfully removing a registered Instant Messaging address.
-        $this->showForm(_('The IM address was removed.'), true);
+        return _('The IM address was removed.');
     }
 
     /**
@@ -463,15 +421,9 @@ class ImsettingsAction extends SettingsAction
 
     function screennameExists($transport, $screenname)
     {
-        $user = common_current_user();
-
         $user_im_prefs = new User_im_prefs();
         $user_im_prefs->transport = $transport;
         $user_im_prefs->screenname = $screenname;
-        if($user_im_prefs->find() && $user_im_prefs->fetch()){
+        return $user_im_prefs->find(true) ? true : false;
-            return true;
-        }else{
-            return false;
-        }
     }
 }

actions/invite.php

@@ -118,7 +118,7 @@ class InviteAction extends Action
                         $this->already[] = $other;
                     } else {
                         try {
-                            Subscription::start($profile, $other);
+                            Subscription::ensureStart($profile, $other);
                             $this->subbed[] = $other;
                         } catch (Exception $e) {
                             // subscription failed, but keep working

actions/login.php

@@ -36,24 +36,6 @@ class LoginAction extends FormAction
 {
     protected $needLogin = false;
 
-    /**
-     * Prepare page to run
-     *
-     *
-     * @param $args
-     * @return string title
-     */
-    protected function prepare(array $args=array())
-    {
-        // @todo this check should really be in index.php for all sensitive actions
-        $ssl = common_config('site', 'ssl');
-        if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) {
-            common_redirect(common_local_url('login'));
-        }
-
-        return parent::prepare($args);
-    }
-
     /**
      * Handle input, produce output
      *
@@ -79,10 +61,8 @@ class LoginAction extends FormAction
      *
      * @return void
      */
-    protected function handlePost()
+    protected function doPost()
     {
-        parent::handlePost();
-
         // XXX: login throttle
 
         $nickname = $this->trimmed('nickname');
@@ -122,22 +102,6 @@ class LoginAction extends FormAction
         common_redirect($url, 303);
     }
 
-    /**
-     * Store an error and show the page
-     *
-     * This used to show the whole page; now, it's just a wrapper
-     * that stores the error in an attribute.
-     *
-     * @param string $error error, if any.
-     *
-     * @return void
-     */
-    public function showForm($msg=null, $success=false)
-    {
-        common_ensure_session();
-        return parent::showForm($msg, $success);
-    }
-
     function showScripts()
     {
         parent::showScripts();
@@ -208,7 +172,7 @@ class LoginAction extends FormAction
      *
      * @return void
      */
-    function getInstructions()
+    protected function getInstructions()
     {
         if (common_logged_in() && !common_is_real_login() &&
             common_get_returnto()) {

actions/logout.php

@@ -63,7 +63,7 @@ class LogoutAction extends ManagedAction
         }
         Event::handle('EndLogout', array($this));
 
-        common_redirect(common_local_url('startpage'));
+        common_redirect(common_local_url('top'));
     }
 
     // Accessed through the action on events

actions/networkpublic.php

@@ -2,7 +2,7 @@
 
 if (!defined('GNUSOCIAL')) { exit(1); }
 
-class NetworkpublicAction extends PublicAction
+class NetworkpublicAction extends SitestreamAction
 {
     protected function streamPrepare()
     {
@@ -28,13 +28,6 @@ class NetworkpublicAction extends PublicAction
         }
     }
 
-    function extraHead()
-    {
-        // the PublicAction has some XRDS stuff that might be unique to the non-network public feed
-        // FIXME: Solve this with a call that doesn't rely on parent:: and is unique for each class.
-        ManagedAction::extraHead();
-    }
-
     function showSections()
     {
         // Show invite button, as long as site isn't closed, and

actions/newapplication.php

@@ -28,9 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Add a new application
@@ -43,7 +41,7 @@ if (!defined('STATUSNET')) {
  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link     http://status.net/
  */
-class NewApplicationAction extends FormAction
+class NewApplicationAction extends SettingsAction
 {
     function title()
     {
@@ -51,13 +49,12 @@ class NewApplicationAction extends FormAction
         return _('New application');
     }
 
-    protected function handlePost()
+    protected function doPost()
     {
-        parent::handlePost();
-
         if ($this->arg('cancel')) {
             common_redirect(common_local_url('oauthappssettings'), 303);
         } elseif ($this->arg('save')) {
+            //trySave will never return, just throw exception or redirect
             $this->trySave();
         }
 
@@ -65,30 +62,18 @@ class NewApplicationAction extends FormAction
         $this->clientError(_('Unexpected form submission.'));
     }
 
-    function showForm($msg=null)
+    protected function getForm()
     {
-        $this->msg = $msg;
+        return new ApplicationEditForm($this);
-        $this->showPage();
     }
 
-    function showContent()
+    protected function getInstructions()
     {
-        $form = new ApplicationEditForm($this);
-        $form->show();
-    }
-
-    function showPageNotice()
-    {
-        if ($this->msg) {
-            $this->element('p', 'error', $this->msg);
-        } else {
-            $this->element('p', 'instructions',
         // TRANS: Form instructions for registering a new application.
-                           _('Use this form to register a new application.'));
+        return _('Use this form to register a new application.');
-        }
     }
 
-    private function trySave()
+    protected function trySave()
     {
         $name         = $this->trimmed('name');
         $description  = $this->trimmed('description');
@@ -153,7 +138,7 @@ class NewApplicationAction extends FormAction
         $app->query('BEGIN');
 
         $app->name         = $name;
-        $app->owner        = $this->scoped->id;
+        $app->owner        = $this->scoped->getID();
         $app->description  = $description;
         $app->source_url   = $source_url;
         $app->organization = $organization;
@@ -181,6 +166,7 @@ class NewApplicationAction extends FormAction
 
         if (!$result) {
             common_log_db_error($consumer, 'INSERT', __FILE__);
+            $app->query('ROLLBACK');
             // TRANS: Server error displayed when an application could not be registered in the database through the "New application" form.
             $this->serverError(_('Could not create application.'));
         }
@@ -191,9 +177,9 @@ class NewApplicationAction extends FormAction
 
         if (!$this->app_id) {
             common_log_db_error($app, 'INSERT', __FILE__);
+            $app->query('ROLLBACK');
             // TRANS: Server error displayed when an application could not be registered in the database through the "New application" form.
             $this->serverError(_('Could not create application.'));
-            $app->query('ROLLBACK');
         }
 
         try {

actions/newgroup.php

@@ -29,9 +29,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Add a new group
@@ -48,6 +46,8 @@ class NewgroupAction extends FormAction
 {
     protected $group;
 
+    protected $form = 'GroupEdit';
+
     function getGroup() {
         return $this->group;
     }
@@ -58,39 +58,23 @@ class NewgroupAction extends FormAction
         return _('New group');
     }
 
-    /**
+    protected function doPreparation()
-     * Prepare to run
-     */
-    protected function prepare(array $args=array())
     {
-        parent::prepare($args);
-
         // $this->scoped is the current user profile
         if (!$this->scoped->hasRight(Right::CREATEGROUP)) {
             // TRANS: Client exception thrown when a user tries to create a group while banned.
             $this->clientError(_('You are not allowed to create groups on this site.'), 403);
         }
-
-        return true;
     }
 
-    public function showContent()
+    protected function getInstructions()
     {
-        $form = new GroupEditForm($this);
-        $form->show();
-    }
-
-    public function showInstructions()
-    {
-        $this->element('p', 'instructions',
         // TRANS: Form instructions for group create form.
-                       _('Use this form to create a new group.'));
+        return _('Use this form to create a new group.');
     }
 
-    protected function handlePost()
+    protected function doPost()
     {
-        parent::handlePost();
-
         if (Event::handle('StartGroupSaveForm', array($this))) {
             $nickname = Nickname::normalize($this->trimmed('newnickname'), true);
 
@@ -133,7 +117,6 @@ class NewgroupAction extends FormAction
                                            'Too many aliases! Maximum %d allowed.',
                                            common_config('group', 'maxaliases')),
                                         common_config('group', 'maxaliases')));
-                return;
             }
 
             if ($private) {

actions/newnotice.php

@@ -30,9 +30,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Action for posting new notices
@@ -62,6 +60,9 @@ class NewnoticeAction extends FormAction
             // TRANS: Page title after sending a notice.
             return _('Notice posted');
         }
+        if ($this->int('inreplyto')) {
+            return _m('TITLE', 'New reply');
+        }
         // TRANS: Page title for sending a new notice.
         return _m('TITLE','New notice');
     }
@@ -80,7 +81,7 @@ class NewnoticeAction extends FormAction
     }
 
     /**
-     * This handlePost saves a new notice, based on arguments
+     * This doPost saves a new notice, based on arguments
      *
      * If successful, will show the notice, or return an Ajax-y result.
      * If not, it will show an error message -- possibly Ajax-y.
@@ -90,27 +91,40 @@ class NewnoticeAction extends FormAction
      *
      * @return void
      */
-    protected function handlePost()
+    protected function doPost()
     {
-        parent::handlePost();
+        assert($this->scoped instanceof Profile); // XXX: maybe an error instead...
-
-        assert($this->scoped); // XXX: maybe an error instead...
         $user = $this->scoped->getUser();
-        $content = $this->trimmed('status_textarea');
+        $content = $this->formOpts['content'];
-        $options = array();
+        $options = array('source' => 'web');
         Event::handle('StartSaveNewNoticeWeb', array($this, $user, &$content, &$options));
 
-        if (!$content) {
+        $upload = null;
+        try {
+            // throws exception on failure
+            $upload = MediaFile::fromUpload('attach', $this->scoped);
+            if (Event::handle('StartSaveNewNoticeAppendAttachment', array($this, $upload, &$content, &$options))) {
+                $content .= ($content==='' ? '' : ' ') . $upload->shortUrl();
+            }
+            Event::handle('EndSaveNewNoticeAppendAttachment', array($this, $upload, &$content, &$options));
+
+            // We could check content length here if the URL was added, but I'll just let it slide for now...
+
+            $act->enclosures[] = $upload->getEnclosure();
+        } catch (NoUploadedMediaException $e) {
+            // simply no attached media to the new notice
+            if (empty($content)) {
                 // TRANS: Client error displayed trying to send a notice without content.
                 $this->clientError(_('No content!'));
             }
+        }
 
         $inter = new CommandInterpreter();
 
         $cmd = $inter->handle_command($user, $content);
 
         if ($cmd) {
-            if (StatusNet::isAjax()) {
+            if (GNUsocial::isAjax()) {
                 $cmd->execute(new AjaxWebChannel($this));
             } else {
                 $cmd->execute(new WebChannel($this));
@@ -118,43 +132,35 @@ class NewnoticeAction extends FormAction
             return;
         }
 
-        $content_shortened = $user->shortenLinks($content);
+        if ($this->int('inreplyto')) {
-        if (Notice::contentTooLong($content_shortened)) {
+            // Throws exception if the inreplyto Notice is given but not found.
+            $parent = Notice::getByID($this->int('inreplyto'));
+        } else {
+            $parent = null;
+        }
+
+        $act = new Activity();
+        $act->verb = ActivityVerb::POST;
+        $act->time = time();
+        $act->actor = $this->scoped->asActivityObject();
+
+        // Reject notice if it is too long (without the HTML)
+        // This is done after MediaFile::fromUpload etc. just to act the same as the ApiStatusesUpdateAction
+        if (Notice::contentTooLong($content)) {
             // TRANS: Client error displayed when the parameter "status" is missing.
             // TRANS: %d is the maximum number of character for a notice.
-            $this->clientError(sprintf(_m('That\'s too long. Maximum notice size is %d character.',
+            throw new ClientException(sprintf(_m('That\'s too long. Maximum notice size is %d character.',
                                                  'That\'s too long. Maximum notice size is %d characters.',
                                                  Notice::maxContent()),
                                               Notice::maxContent()));
         }
 
-        $replyto = intval($this->trimmed('inreplyto'));
+        $act->context = new ActivityContext();
-        if ($replyto) {
-            $options['reply_to'] = $replyto;
-        }
 
-        $upload = null;
+        if ($parent instanceof Notice) {
-        try {
+            $act->context->replyToID = $parent->getUri();
-            // throws exception on failure
+            $act->context->replyToUrl = $parent->getUrl(true);  // maybe we don't have to send true here to force a URL?
-            $upload = MediaFile::fromUpload('attach', $this->scoped);
-            if (Event::handle('StartSaveNewNoticeAppendAttachment', array($this, $upload, &$content_shortened, &$options))) {
-                $content_shortened .= ' ' . $upload->shortUrl();
         }
-            Event::handle('EndSaveNewNoticeAppendAttachment', array($this, $upload, &$content_shortened, &$options));
-
-            if (Notice::contentTooLong($content_shortened)) {
-                $upload->delete();
-                // TRANS: Client error displayed exceeding the maximum notice length.
-                // TRANS: %d is the maximum length for a notice.
-                $this->clientError(sprintf(_m('Maximum notice size is %d character, including attachment URL.',
-                                              'Maximum notice size is %d characters, including attachment URL.',
-                                              Notice::maxContent()),
-                                           Notice::maxContent()));
-            }
-        } catch (NoUploadedMediaException $e) {
-            // simply no attached media to the new notice
-        }
-
 
         if ($this->scoped->shareLocation()) {
             // use browser data if checked; otherwise profile data
@@ -172,19 +178,29 @@ class NewnoticeAction extends FormAction
                                                       $this->scoped);
             }
 
-            $options = array_merge($options, $locOptions);
+            $act->context->location = Location::fromOptions($locOptions);
         }
 
-        $author_id = $this->scoped->id;
+        $content = $this->scoped->shortenLinks($content);
-        $text      = $content_shortened;
 
-        // Does the heavy-lifting for getting "To:" information
+        // FIXME: Make sure NoticeTitle plugin gets a change to add the title to our activityobject!
+        if (Event::handle('StartNoticeSaveWeb', array($this, $this->scoped, &$content, &$options))) {
 
-        ToSelector::fillOptions($this, $options);
+            // FIXME: We should be able to get the attentions from common_render_content!
+            // and maybe even directly save whether they're local or not!
+            $act->context->attention = common_get_attentions($content, $this->scoped, $parent);
 
-        if (Event::handle('StartNoticeSaveWeb', array($this, &$author_id, &$text, &$options))) {
+            // $options gets filled with possible scoping settings
+            ToSelector::fillActivity($this, $act, $options);
 
-            $this->stored = Notice::saveNew($this->scoped->id, $content_shortened, 'web', $options);
+            $actobj = new ActivityObject();
+            $actobj->type = ActivityObject::NOTE;
+            $actobj->content = common_render_content($content, $this->scoped, $parent);
+
+            // Finally add the activity object to our activity
+            $act->objects[] = $actobj;
+
+            $this->stored = Notice::saveActivity($act, $this->scoped, $options);
 
             if ($upload instanceof MediaFile) {
                 $upload->attachToNotice($this->stored);
@@ -193,9 +209,9 @@ class NewnoticeAction extends FormAction
             Event::handle('EndNoticeSaveWeb', array($this, $this->stored));
         }
 
-        Event::handle('EndSaveNewNoticeWeb', array($this, $user, &$content_shortened, &$options));
+        Event::handle('EndSaveNewNoticeWeb', array($this, $user, &$content, &$options));
 
-        if (!StatusNet::isAjax()) {
+        if (!GNUsocial::isAjax()) {
             $url = common_local_url('shownotice', array('notice' => $this->stored->id));
             common_redirect($url, 303);
         }

actions/noticesearch.php

@@ -203,14 +203,7 @@ class SearchNoticeListItem extends NoticeListItem {
     {
         // FIXME: URL, image, video, audio
         $this->out->elementStart('p', array('class' => 'e-content'));
-        if ($this->notice->rendered) {
+        $this->out->raw($this->highlight($this->notice->getRendered(), $this->terms));
-            $this->out->raw($this->highlight($this->notice->rendered, $this->terms));
-        } else {
-            // XXX: may be some uncooked notices in the DB,
-            // we cook them right now. This should probably disappear in future
-            // versions (>> 0.4.x)
-            $this->out->raw($this->highlight(common_render_content($this->notice->content, $this->notice), $this->terms));
-        }
         $this->out->elementEnd('p');
 
     }

actions/noticesearchrss.php

@@ -28,11 +28,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once INSTALLDIR.'/lib/rssaction.php';
 
 /**
  * RSS feed for notice search action class.
@@ -48,19 +44,7 @@ require_once INSTALLDIR.'/lib/rssaction.php';
  */
 class NoticesearchrssAction extends Rss10Action
 {
-    function init()
+    protected function getNotices()
-    {
-        return true;
-    }
-
-    function prepare($args)
-    {
-        parent::prepare($args);
-        $this->notices = $this->getNotices();
-        return true;
-    }
-
-    function getNotices($limit=0)
     {
         $q = $this->trimmed('q');
         $notices = array();
@@ -70,8 +54,7 @@ class NoticesearchrssAction extends Rss10Action
         $search_engine = $notice->getSearchEngine('notice');
         $search_engine->set_sort_mode('chron');
 
-        if (!$limit) $limit = 20;
+        $search_engine->limit(0, $this->limit, true);
-        $search_engine->limit(0, $limit, true);
         if (false === $search_engine->query($q)) {
             $cnt = 0;
         } else {

actions/oauthappssettings.php

@@ -27,11 +27,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once INSTALLDIR . '/lib/applicationlist.php';
 
 /**
  * Show a user's registered OAuth applications
@@ -47,19 +43,11 @@ require_once INSTALLDIR . '/lib/applicationlist.php';
 
 class OauthappssettingsAction extends SettingsAction
 {
-    var $page = 0;
+    protected $page = null;
 
-    function prepare($args)
+    protected function doPreparation()
     {
-        parent::prepare($args);
+        $this->page = $this->int('page') ?: 1;
-        $this->page = ($this->arg('page')) ? ($this->arg('page') + 0) : 1;
-
-        if (!common_logged_in()) {
-            // TRANS: Message displayed to an anonymous user trying to view OAuth application list.
-            $this->clientError(_('You must be logged in to list your applications.'));
-        }
-
-        return true;
     }
 
     /**
@@ -86,21 +74,13 @@ class OauthappssettingsAction extends SettingsAction
         return _('Applications you have registered');
     }
 
-    /**
-     * Content area of the page
-     *
-     * @return void
-     */
-
     function showContent()
     {
-        $user = common_current_user();
-
         $offset = ($this->page - 1) * APPS_PER_PAGE;
         $limit  =  APPS_PER_PAGE + 1;
 
         $application = new Oauth_application();
-        $application->owner = $user->id;
+        $application->owner = $this->scoped->getID();
         $application->whereAdd("name != 'anonymous'");
         $application->limit($offset, $limit);
         $application->orderBy('created DESC');
@@ -109,7 +89,7 @@ class OauthappssettingsAction extends SettingsAction
         $cnt = 0;
 
         if ($application) {
-            $al = new ApplicationList($application, $user, $this);
+            $al = new ApplicationList($application, $this->scoped, $this);
             $cnt = $al->show();
             if (0 == $cnt) {
                 $this->showEmptyListMessage();
@@ -135,34 +115,11 @@ class OauthappssettingsAction extends SettingsAction
 
     function showEmptyListMessage()
     {
-        // TRANS: Empty list message on page with OAuth applications.
+        // TRANS: Empty list message on page with OAuth applications. Markup allowed
         $message = sprintf(_('You have not registered any applications yet.'));
 
         $this->elementStart('div', 'guide');
         $this->raw(common_markup_to_html($message));
         $this->elementEnd('div');
     }
-
-    /**
-     * Handle posts to this form
-     *
-     * Based on the button that was pressed, muxes out to other functions
-     * to do the actual task requested.
-     *
-     * All sub-functions reload the form with a message -- success or failure.
-     *
-     * @return void
-     */
-
-    function handlePost()
-    {
-        // CSRF protection
-
-        $token = $this->trimmed('token');
-        if (!$token || $token != common_session_token()) {
-            $this->showForm(_('There was a problem with your session token. '.
-                              'Try again, please.'));
-            return;
-        }
-    }
 }

actions/oauthconnectionssettings.php

@@ -27,11 +27,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once INSTALLDIR . '/lib/applicationlist.php';
 
 /**
  * Show connected OAuth applications
@@ -47,14 +43,13 @@ require_once INSTALLDIR . '/lib/applicationlist.php';
 class OauthconnectionssettingsAction extends SettingsAction
 {
     var $page = null;
-    var $oauth_token = null;
 
-    function prepare($args)
+    protected $oauth_token = null;
+
+    protected function doPreparation()
     {
-        parent::prepare($args);
         $this->oauth_token = $this->arg('oauth_token');
-        $this->page = ($this->arg('page')) ? ($this->arg('page') + 0) : 1;
+        $this->page = $this->int('page') ?: 1;
-        return true;
     }
 
     /**
@@ -87,18 +82,15 @@ class OauthconnectionssettingsAction extends SettingsAction
 
     function showContent()
     {
-        $user    = common_current_user();
-        $profile = $user->getProfile();
-
         $offset = ($this->page - 1) * APPS_PER_PAGE;
         $limit  =  APPS_PER_PAGE + 1;
 
-        $connection = $user->getConnectedApps($offset, $limit);
+        $connection = $this->scoped->getConnectedApps($offset, $limit);
 
         $cnt = 0;
 
         if (!empty($connection)) {
-            $cal = new ConnectedAppsList($connection, $user, $this);
+            $cal = new ConnectedAppsList($connection, $this->scoped, $this);
             $cnt = $cal->show();
         }
 
@@ -111,7 +103,7 @@ class OauthconnectionssettingsAction extends SettingsAction
             $cnt > APPS_PER_PAGE,
             $this->page,
             'connectionssettings',
-            array('nickname' => $user->nickname)
+            array('nickname' => $this->scoped->getNickname())
         );
     }
 
@@ -125,24 +117,14 @@ class OauthconnectionssettingsAction extends SettingsAction
      *
      * @return void
      */
-    function handlePost()
+    protected function doPost()
     {
-        // CSRF protection
-
-        $token = $this->trimmed('token');
-        if (!$token || $token != common_session_token()) {
-            // TRANS: Client error displayed when the session token does not match or is not given.
-            $this->showForm(_('There was a problem with your session token. '.
-                              'Try again, please.'));
-            return;
-        }
-
         if ($this->arg('revoke')) {
-            $this->revokeAccess($this->oauth_token);
+            return $this->revokeAccess($this->oauth_token);
-        } else {
-            // TRANS: Client error when submitting a form with unexpected information.
-            $this->clientError(_('Unexpected form submission.'), 401);
         }
+
+        // TRANS: Client error when submitting a form with unexpected information.
+        throw new ClientException(_('Unexpected form submission.'), 401);
     }
 
     /**

actions/oldschoolsettings.php

@@ -28,11 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    // This check helps protect against security problems;
-    // your code file can't be executed directly from the web.
-    exit(1);
-}
 
 /**
  * Old-school settings
@@ -77,35 +73,23 @@ class OldschoolsettingsAction extends SettingsAction
      * @return boolean true
      */
 
-    function prepare($argarray)
+    protected function doPreparation()
     {
         if (!common_config('oldschool', 'enabled')) {
             throw new ClientException("Old-school settings not enabled.");
         }
-        parent::prepare($argarray);
-        return true;
     }
 
-    /**
+    function doPost()
-     * Handler method
-     *
-     * @param array $argarray is ignored since it's now passed in in prepare()
-     *
-     * @return void
-     */
-
-    function handlePost()
     {
-        $user = common_current_user();
+        $osp = Old_school_prefs::getKV('user_id', $this->scoped->getID());
-
-        $osp = Old_school_prefs::getKV('user_id', $user->id);
         $orig = null;
 
         if (!empty($osp)) {
             $orig = clone($osp);
         } else {
             $osp = new Old_school_prefs();
-            $osp->user_id = $user->id;
+            $osp->user_id = $this->scoped->getID();
             $osp->created = common_sql_now();
         }
 
@@ -113,34 +97,25 @@ class OldschoolsettingsAction extends SettingsAction
         $osp->stream_nicknames  = $this->boolean('stream_nicknames');
         $osp->modified          = common_sql_now();
 
-        if (!empty($orig)) {
+        if ($orig instanceof Old_school_prefs) {
             $osp->update($orig);
         } else {
             $osp->insert();
         }
 
         // TRANS: Confirmation shown when user profile settings are saved.
-        $this->showForm(_('Settings saved.'), true);
+        return _('Settings saved.');
-
-        return;
-    }
-
-    function showContent()
-    {
-        $user = common_current_user();
-        $form = new OldSchoolForm($this, $user);
-        $form->show();
     }
 }
 
-class OldSchoolForm extends Form
+class OldSchoolSettingsForm extends Form
 {
     var $user;
 
-    function __construct($out, $user)
+    function __construct(Action $out)
     {
         parent::__construct($out);
-        $this->user = $user;
+        $this->user = $out->getScoped()->getUser();
     }
 
     /**

actions/passwordsettings.php

@@ -28,11 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('STATUSNET')) { exit(1); }
-    exit(1);
-}
-
-
 
 /**
  * Change password
@@ -77,18 +73,8 @@ class PasswordsettingsAction extends SettingsAction
         $this->autofocus('oldpassword');
     }
 
-    /**
-     * Content area of the page
-     *
-     * Shows a form for changing the password
-     *
-     * @return void
-     */
-
     function showContent()
     {
-        $user = common_current_user();
-
         $this->elementStart('form', array('method' => 'POST',
                                           'id' => 'form_password',
                                           'class' => 'form_settings',
@@ -102,7 +88,7 @@ class PasswordsettingsAction extends SettingsAction
 
         $this->elementStart('ul', 'form_data');
         // Users who logged in with OpenID won't have a pwd
-        if ($user->password) {
+        if ($this->scoped->hasPassword()) {
             $this->elementStart('li');
             // TRANS: Field label on page where to change password.
             $this->password('oldpassword', _('Old password'));
@@ -129,29 +115,8 @@ class PasswordsettingsAction extends SettingsAction
         $this->elementEnd('form');
     }
 
-    /**
+    protected function doPost()
-     * Handle a post
-     *
-     * Validate input and save changes. Reload the form with a success
-     * or error message.
-     *
-     * @return void
-     */
-    function handlePost()
     {
-        // CSRF protection
-
-        $token = $this->trimmed('token');
-        if (!$token || $token != common_session_token()) {
-            // TRANS: Client error displayed when the session token does not match or is not given.
-            $this->showForm(_('There was a problem with your session token. '.
-                               'Try again, please.'));
-            return;
-        }
-
-        $user = common_current_user();
-        assert(!is_null($user)); // should already be checked
-
         // FIXME: scrub input
 
         $newpassword = $this->arg('newpassword');
@@ -161,49 +126,30 @@ class PasswordsettingsAction extends SettingsAction
 
         if (strlen($newpassword) < 6) {
             // TRANS: Form validation error on page where to change password.
-            $this->showForm(_('Password must be 6 or more characters.'));
+            throw new ClientException(_('Password must be 6 or more characters.'));
-            return;
         } else if (0 != strcmp($newpassword, $confirm)) {
             // TRANS: Form validation error on password change when password confirmation does not match.
-            $this->showForm(_('Passwords do not match.'));
+            throw new ClientException(_('Passwords do not match.'));
-            return;
         }
 
-        if ($user->password) {
+        $oldpassword = null;
+        if ($this->scoped->hasPassword()) {
             $oldpassword = $this->arg('oldpassword');
 
-            if (!common_check_user($user->nickname, $oldpassword)) {
+            if (!common_check_user($this->scoped->getNickname(), $oldpassword)) {
                 // TRANS: Form validation error on page where to change password.
-                $this->showForm(_('Incorrect old password.'));
+                throw new ClientException(_('Incorrect old password.'));
-                return;
             }
-        }else{
-            $oldpassword = null;
         }
 
-        $success = false;
+        if (Event::handle('StartChangePassword', array($this->scoped, $oldpassword, $newpassword))) {
-        if(Event::handle('StartChangePassword', array($user, $oldpassword, $newpassword))){
             //no handler changed the password, so change the password internally
-            $original = clone($user);
+            $user->setPassword($newpassword);
 
-            $user->password = common_munge_password($newpassword, $user->id);
+            Event::handle('EndChangePassword', array($this->scoped));
-
-            $val = $user->validate();
-            if ($val !== true) {
-                // TRANS: Form validation error on page where to change password.
-                $this->showForm(_('Error saving user; invalid.'));
-                return;
-            }
-
-            if (!$user->update($original)) {
-                // TRANS: Server error displayed on page where to change password when password change
-                // TRANS: could not be made because of a server error.
-                $this->serverError(_('Cannot save new password.'));
-            }
-            Event::handle('EndChangePassword', array($user));
         }
 
         // TRANS: Form validation notice on page where to change password.
-        $this->showForm(_('Password saved.'), true);
+        return _('Password saved.');
     }
 }

actions/pathsadminpanel.php

@@ -418,8 +418,6 @@ class PathsAdminPanelForm extends AdminForm
         // TRANS: Drop down option in Paths admin panel (option for "When to use SSL").
         $ssl = array('never' => _('Never'),
                       // TRANS: Drop down option in Paths admin panel (option for "When to use SSL").
-                     'sometimes' => _('Sometimes'),
-                      // TRANS: Drop down option in Paths admin panel (option for "When to use SSL").
                      'always' => _('Always'));
 
         $this->out->dropdown('site-ssl',

actions/peopletagautocomplete.php

@@ -68,7 +68,7 @@ class PeopletagautocompleteAction extends Action
         }
 
         $profile = $this->user->getProfile();
-        $tags = $profile->getLists(common_current_user());
+        $tags = $profile->getLists($this->scoped);
 
         $this->tags = array();
         while ($tags->fetch()) {

actions/peopletagsbyuser.php

@@ -116,7 +116,7 @@ class PeopletagsbyuserAction extends Action
 
         $user = common_current_user();
         if ($this->arg('public')) {
-            $this->tags = $this->tagger->getLists(false, $offset, $limit);
+            $this->tags = $this->tagger->getLists(null, $offset, $limit);
         } else if ($this->arg('private')) {
             if (empty($user)) {
                 // TRANS: Error message displayed when trying to perform an action that requires a logged in user.
@@ -130,7 +130,7 @@ class PeopletagsbyuserAction extends Action
                 $this->clientError(_('You cannot view others\' private lists'), 403);
             }
         } else {
-            $this->tags = $this->tagger->getLists(common_current_user(), $offset, $limit);
+            $this->tags = $this->tagger->getLists($this->scoped, $offset, $limit);
         }
         return true;
     }

actions/peopletagsforuser.php

@@ -126,7 +126,7 @@ class PeopletagsforuserAction extends Action
         $offset = ($this->page-1) * PEOPLETAGS_PER_PAGE;
         $limit  = PEOPLETAGS_PER_PAGE + 1;
 
-        $ptags = $this->tagged->getOtherTags(common_current_user(), $offset, $limit);
+        $ptags = $this->tagged->getOtherTags($this->scoped, $offset, $limit);
 
         $pl = new PeopletagList($ptags, $this);
         $cnt = $pl->show();

actions/pluginsadminpanel.php

@@ -62,7 +62,7 @@ class PluginsadminpanelAction extends AdminPanelAction
     {
         // TRANS: Instructions at top of plugin admin page.
         return _('Additional plugins can be enabled and configured manually. ' .
-                 'See the <a href="http://status.net/wiki/Plugins">online plugin ' .
+                 'See the <a href="https://git.gnu.io/gnu/gnu-social/blob/master/plugins/README.md">online plugin ' .
                  'documentation</a> for more details.');
     }
 

actions/profilesettings.php

@@ -82,8 +82,7 @@ class ProfilesettingsAction extends SettingsAction
      */
     function showContent()
     {
-        $user = common_current_user();
+        $user = $this->scoped->getUser();
-        $profile = $user->getProfile();
 
         $this->elementStart('form', array('method' => 'post',
                                           'id' => 'form_settings_profile',
@@ -100,21 +99,26 @@ class ProfilesettingsAction extends SettingsAction
             $this->elementStart('li');
             // TRANS: Field label in form for profile settings.
             $this->input('nickname', _('Nickname'),
-                         $this->arg('nickname') ?: $profile->nickname,
+                         $this->trimmed('nickname') ?: $this->scoped->getNickname(),
                          // TRANS: Tooltip for field label in form for profile settings.
                          _('1-64 lowercase letters or numbers, no punctuation or spaces.'),
                          null, false,   // "name" (will be set to id), then "required"
-                         !common_config('profile', 'changenick') ? array('disabled'=>'disabled') : array());
+                         !common_config('profile', 'changenick')
+                                        ? array('disabled' => 'disabled', 'placeholder' => null)
+                                        : array('placeholder' => null));
             $this->elementEnd('li');
             $this->elementStart('li');
             // TRANS: Field label in form for profile settings.
             $this->input('fullname', _('Full name'),
-                         ($this->arg('fullname')) ? $this->arg('fullname') : $profile->fullname);
+                         $this->trimmed('fullname') ?: $this->scoped->getFullname(),
+                         // TRANS: Instructions for full name text field on profile settings
+                         _('A full name is required, if empty it will be set to your nickname.'),
+                         null, true);
             $this->elementEnd('li');
             $this->elementStart('li');
             // TRANS: Field label in form for profile settings.
             $this->input('homepage', _('Homepage'),
-                         ($this->arg('homepage')) ? $this->arg('homepage') : $profile->homepage,
+                         $this->trimmed('homepage') ?: $this->scoped->getHomepage(),
                          // TRANS: Tooltip for field label in form for profile settings.
                          _('URL of your homepage, blog, or profile on another site.'));
             $this->elementEnd('li');
@@ -135,13 +139,13 @@ class ProfilesettingsAction extends SettingsAction
             // TRANS: Text area label in form for profile settings where users can provide
             // TRANS: their biography.
             $this->textarea('bio', _('Bio'),
-                            ($this->arg('bio')) ? $this->arg('bio') : $profile->bio,
+                            $this->trimmed('bio') ?: $this->scoped->getDescription(),
                             $bioInstr);
             $this->elementEnd('li');
             $this->elementStart('li');
             // TRANS: Field label in form for profile settings.
             $this->input('location', _('Location'),
-                         ($this->arg('location')) ? $this->arg('location') : $profile->location,
+                         $this->trimmed('location') ?: $this->scoped->location,
                          // TRANS: Tooltip for field label in form for profile settings.
                          _('Where you are, like "City, State (or Region), Country".'));
             $this->elementEnd('li');
@@ -150,14 +154,14 @@ class ProfilesettingsAction extends SettingsAction
                 // TRANS: Checkbox label in form for profile settings.
                 $this->checkbox('sharelocation', _('Share my current location when posting notices'),
                                 ($this->arg('sharelocation')) ?
-                                $this->arg('sharelocation') : $this->scoped->shareLocation());
+                                $this->boolean('sharelocation') : $this->scoped->shareLocation());
                 $this->elementEnd('li');
             }
             Event::handle('EndProfileFormData', array($this));
             $this->elementStart('li');
             // TRANS: Field label in form for profile settings.
             $this->input('tags', _('Tags'),
-                         ($this->arg('tags')) ? $this->arg('tags') : implode(' ', $user->getSelfTags()),
+                         $this->trimmed('tags') ?: implode(' ', Profile_tag::getSelfTagsArray($this->scoped)),
                          // TRANS: Tooltip for field label in form for profile settings.
                          _('Tags for yourself (letters, numbers, -, ., and _), comma- or space- separated.'));
             $this->elementEnd('li');
@@ -203,6 +207,7 @@ class ProfilesettingsAction extends SettingsAction
                             (empty($user->subscribe_policy)) ? User::SUBSCRIBE_POLICY_OPEN : $user->subscribe_policy);
             $this->elementEnd('li');
         }
+        if (common_config('profile', 'allowprivate') || $user->private_stream) {
             $this->elementStart('li');
             $this->checkbox('private_stream',
                             // TRANS: Checkbox label in profile settings.
@@ -210,6 +215,7 @@ class ProfilesettingsAction extends SettingsAction
                             ($this->arg('private_stream')) ?
                             $this->boolean('private_stream') : $user->private_stream);
             $this->elementEnd('li');
+        }
         $this->elementEnd('ul');
         // TRANS: Button to save input in profile settings.
         $this->submit('save', _m('BUTTON','Save'));
@@ -226,17 +232,8 @@ class ProfilesettingsAction extends SettingsAction
      *
      * @return void
      */
-    function handlePost()
+    protected function doPost()
     {
-        // CSRF protection
-        $token = $this->trimmed('token');
-        if (!$token || $token != common_session_token()) {
-            // TRANS: Form validation error.
-            $this->showForm(_('There was a problem with your session token. '.
-                              'Try again, please.'));
-            return;
-        }
-
         if (Event::handle('StartProfileSaveForm', array($this))) {
 
             // $nickname will only be set if this changenick value is true.
@@ -244,15 +241,13 @@ class ProfilesettingsAction extends SettingsAction
                 try {
                     $nickname = Nickname::normalize($this->trimmed('nickname'), true);
                 } catch (NicknameTakenException $e) {
-                    // Abort only if the nickname is occupied by another local profile
+                    // Abort only if the nickname is occupied by _another_ local user profile
-                    if ($e->profile->id != $this->scoped->id) {
+                    if (!$this->scoped->sameAs($e->profile)) {
-                        $this->showForm($e->getMessage());
+                        throw $e;
-                        return;
                     }
-                    $nickname = Nickname::normalize($this->trimmed('nickname')); // without in-use check this time
+                    // Since the variable wasn't set before the exception was thrown, let's run
-                } catch (NicknameException $e) {
+                    // the normalize sequence again, but without in-use check this time.
-                    $this->showForm($e->getMessage());
+                    $nickname = Nickname::normalize($this->trimmed('nickname'));
-                    return;
                 }
             }
 
@@ -260,9 +255,8 @@ class ProfilesettingsAction extends SettingsAction
             $homepage = $this->trimmed('homepage');
             $bio = $this->trimmed('bio');
             $location = $this->trimmed('location');
-            $autosubscribe = $this->boolean('autosubscribe');
+            $autosubscribe = $this->booleanintstring('autosubscribe');
             $subscribe_policy = $this->trimmed('subscribe_policy');
-            $private_stream = $this->boolean('private_stream');
             $language = $this->trimmed('language');
             $timezone = $this->trimmed('timezone');
             $tagstring = $this->trimmed('tags');
@@ -271,33 +265,27 @@ class ProfilesettingsAction extends SettingsAction
             if (!is_null($homepage) && (strlen($homepage) > 0) &&
                        !common_valid_http_url($homepage)) {
                 // TRANS: Validation error in form for profile settings.
-                $this->showForm(_('Homepage is not a valid URL.'));
+                throw new ClientException(_('Homepage is not a valid URL.'));
-                return;
+            } else if (!is_null($fullname) && mb_strlen($fullname) > 191) {
-            } else if (!is_null($fullname) && mb_strlen($fullname) > 255) {
                 // TRANS: Validation error in form for profile settings.
-                $this->showForm(_('Full name is too long (maximum 255 characters).'));
+                throw new ClientException(_('Full name is too long (maximum 191 characters).'));
-                return;
             } else if (Profile::bioTooLong($bio)) {
                 // TRANS: Validation error in form for profile settings.
                 // TRANS: Plural form is used based on the maximum number of allowed
                 // TRANS: characters for the biography (%d).
-                $this->showForm(sprintf(_m('Bio is too long (maximum %d character).',
+                throw new ClientException(sprintf(_m('Bio is too long (maximum %d character).',
                                            'Bio is too long (maximum %d characters).',
                                            Profile::maxBio()),
                                         Profile::maxBio()));
-                return;
+            } else if (!is_null($location) && mb_strlen($location) > 191) {
-            } else if (!is_null($location) && mb_strlen($location) > 255) {
                 // TRANS: Validation error in form for profile settings.
-                $this->showForm(_('Location is too long (maximum 255 characters).'));
+                throw new ClientException(_('Location is too long (maximum 191 characters).'));
-                return;
             }  else if (is_null($timezone) || !in_array($timezone, DateTimeZone::listIdentifiers())) {
                 // TRANS: Validation error in form for profile settings.
-                $this->showForm(_('Timezone not selected.'));
+                throw new ClientException(_('Timezone not selected.'));
-                return;
             } else if (!is_null($language) && strlen($language) > 50) {
                 // TRANS: Validation error in form for profile settings.
-                $this->showForm(_('Language is too long (maximum 50 characters).'));
+                throw new ClientException(_('Language is too long (maximum 50 characters).'));
-                return;
             }
 
             $tags = array();
@@ -313,17 +301,25 @@ class ProfilesettingsAction extends SettingsAction
                     if (!common_valid_profile_tag($tag)) {
                         // TRANS: Validation error in form for profile settings.
                         // TRANS: %s is an invalid tag.
-                        $this->showForm(sprintf(_('Invalid tag: "%s".'), $tag));
+                        throw new ClientException(sprintf(_('Invalid tag: "%s".'), $tag));
-                        return;
                     }
 
                     $tag_priv[$tag] = $private;
                 }
             }
 
-            $user = common_current_user();
+            $user = $this->scoped->getUser();
             $user->query('BEGIN');
 
+            // Only allow setting private_stream if site policy allows it
+            // (or user already _has_ a private stream, then you can unset it)
+            if (common_config('profile', 'allowprivate') || $user->private_stream) {
+                $private_stream = $this->booleanintstring('private_stream');
+            } else {
+                // if not allowed, we set to the existing value
+                $private_stream = $user->private_stream;
+            }
+
             // $user->nickname is updated through Profile->update();
 
             // XXX: XOR
@@ -344,61 +340,60 @@ class ProfilesettingsAction extends SettingsAction
                 $result = $user->update($original);
                 if ($result === false) {
                     common_log_db_error($user, 'UPDATE', __FILE__);
+                    $user->query('ROLLBACK');
                     // TRANS: Server error thrown when user profile settings could not be updated to
                     // TRANS: automatically subscribe to any subscriber.
-                    $this->serverError(_('Could not update user for autosubscribe or subscribe_policy.'));
+                    throw new ServerException(_('Could not update user for autosubscribe or subscribe_policy.'));
                 }
 
                 // Re-initialize language environment if it changed
                 common_init_language();
             }
 
-            $profile = $user->getProfile();
+            $original = clone($this->scoped);
 
-            $orig_profile = clone($profile);
+            if (common_config('profile', 'changenick') == true && $this->scoped->getNickname() !== $nickname) {
-
-            if (common_config('profile', 'changenick') == true && $profile->nickname !== $nickname) {
                 assert(Nickname::normalize($nickname)===$nickname);
-                common_debug("Changing user nickname from '{$profile->nickname}' to '{$nickname}'.");
+                common_debug("Changing user nickname from '{$this->scoped->getNickname()}' to '{$nickname}'.");
-                $profile->nickname = $nickname;
+                $this->scoped->nickname = $nickname;
-                $profile->profileurl = common_profile_url($profile->nickname);
+                $this->scoped->profileurl = common_profile_url($this->scoped->getNickname());
             }
-            $profile->fullname = $fullname;
+            $this->scoped->fullname = (mb_strlen($fullname)>0 ? $fullname : $this->scoped->nickname);
-            $profile->homepage = $homepage;
+            $this->scoped->homepage = $homepage;
-            $profile->bio = $bio;
+            $this->scoped->bio = $bio;
-            $profile->location = $location;
+            $this->scoped->location = $location;
 
             $loc = Location::fromName($location);
 
             if (empty($loc)) {
-                $profile->lat         = null;
+                $this->scoped->lat         = null;
-                $profile->lon         = null;
+                $this->scoped->lon         = null;
-                $profile->location_id = null;
+                $this->scoped->location_id = null;
-                $profile->location_ns = null;
+                $this->scoped->location_ns = null;
             } else {
-                $profile->lat         = $loc->lat;
+                $this->scoped->lat         = $loc->lat;
-                $profile->lon         = $loc->lon;
+                $this->scoped->lon         = $loc->lon;
-                $profile->location_id = $loc->location_id;
+                $this->scoped->location_id = $loc->location_id;
-                $profile->location_ns = $loc->location_ns;
+                $this->scoped->location_ns = $loc->location_ns;
             }
 
             if (common_config('location', 'share') == 'user') {
 
                 $exists = false;
 
-                $prefs = User_location_prefs::getKV('user_id', $user->id);
+                $prefs = User_location_prefs::getKV('user_id', $this->scoped->getID());
 
                 if (empty($prefs)) {
                     $prefs = new User_location_prefs();
 
-                    $prefs->user_id = $user->id;
+                    $prefs->user_id = $this->scoped->getID();
                     $prefs->created = common_sql_now();
                 } else {
                     $exists = true;
                     $orig = clone($prefs);
                 }
 
-                $prefs->share_location = $this->boolean('sharelocation');
+                $prefs->share_location = $this->booleanintstring('sharelocation');
 
                 if ($exists) {
                     $result = $prefs->update($orig);
@@ -408,42 +403,37 @@ class ProfilesettingsAction extends SettingsAction
 
                 if ($result === false) {
                     common_log_db_error($prefs, ($exists) ? 'UPDATE' : 'INSERT', __FILE__);
+                    $user->query('ROLLBACK');
                     // TRANS: Server error thrown when user profile location preference settings could not be updated.
-                    $this->serverError(_('Could not save location prefs.'));
+                    throw new ServerException(_('Could not save location prefs.'));
                 }
             }
 
-            common_debug('Old profile: ' . common_log_objstring($orig_profile), __FILE__);
+            common_debug('Old profile: ' . common_log_objstring($original), __FILE__);
-            common_debug('New profile: ' . common_log_objstring($profile), __FILE__);
+            common_debug('New profile: ' . common_log_objstring($this->scoped), __FILE__);
 
-            $result = $profile->update($orig_profile);
+            $result = $this->scoped->update($original);
 
             if ($result === false) {
-                common_log_db_error($profile, 'UPDATE', __FILE__);
+                common_log_db_error($this->scoped, 'UPDATE', __FILE__);
+                $user->query('ROLLBACK');
                 // TRANS: Server error thrown when user profile settings could not be saved.
-                $this->serverError(_('Could not save profile.'));
+                throw new ServerException(_('Could not save profile.'));
             }
 
             // Set the user tags
-            $result = $user->setSelfTags($tags, $tag_priv);
+            $result = Profile_tag::setSelfTags($this->scoped, $tags, $tag_priv);
-
-            if (!$result) {
-                // TRANS: Server error thrown when user profile settings tags could not be saved.
-                $this->serverError(_('Could not save tags.'));
-            }
 
             $user->query('COMMIT');
             Event::handle('EndProfileSaveForm', array($this));
 
             // TRANS: Confirmation shown when user profile settings are saved.
-            $this->showForm(_('Settings saved.'), true);
+            return _('Settings saved.');
 
         }
     }
 
     function showAside() {
-        $user = common_current_user();
-
         $this->elementStart('div', array('id' => 'aside_primary',
                                          'class' => 'aside'));
 
@@ -451,7 +441,7 @@ class ProfilesettingsAction extends SettingsAction
                                          'class' => 'section'));
         $this->elementStart('ul');
         if (Event::handle('StartProfileSettingsActions', array($this))) {
-            if ($user->hasRight(Right::BACKUPACCOUNT)) {
+            if ($this->scoped->hasRight(Right::BACKUPACCOUNT)) {
                 $this->elementStart('li');
                 $this->element('a',
                                array('href' => common_local_url('backupaccount')),
@@ -459,7 +449,7 @@ class ProfilesettingsAction extends SettingsAction
                                _('Backup account'));
                 $this->elementEnd('li');
             }
-            if ($user->hasRight(Right::DELETEACCOUNT)) {
+            if ($this->scoped->hasRight(Right::DELETEACCOUNT)) {
                 $this->elementStart('li');
                 $this->element('a',
                                array('href' => common_local_url('deleteaccount')),
@@ -467,7 +457,7 @@ class ProfilesettingsAction extends SettingsAction
                                _('Delete account'));
                 $this->elementEnd('li');
             }
-            if ($user->hasRight(Right::RESTOREACCOUNT)) {
+            if ($this->scoped->hasRight(Right::RESTOREACCOUNT)) {
                 $this->elementStart('li');
                 $this->element('a',
                                array('href' => common_local_url('restoreaccount')),

actions/public.php

@@ -29,10 +29,6 @@
 
 if (!defined('GNUSOCIAL')) { exit(1); }
 
-// Farther than any human will go
-
-define('MAX_PUBLIC_PAGE', 100);
-
 /**
  * Action for displaying the public stream
  *
@@ -43,54 +39,9 @@ define('MAX_PUBLIC_PAGE', 100);
  * @link     http://status.net/
  *
  * @see      PublicrssAction
- * @see      PublicxrdsAction
  */
-class PublicAction extends ManagedAction
+class PublicAction extends SitestreamAction
 {
-    /**
-     * page of the stream we're on; default = 1
-     */
-
-    var $page = null;
-    var $notice;
-
-    protected $stream = null;
-
-    function isReadOnly($args)
-    {
-        return true;
-    }
-
-    protected function doPreparation()
-    {
-        $this->page = ($this->arg('page')) ? ($this->arg('page')+0) : 1;
-
-        if ($this->page > MAX_PUBLIC_PAGE) {
-            // TRANS: Client error displayed when requesting a public timeline page beyond the page limit.
-            // TRANS: %s is the page limit.
-            $this->clientError(sprintf(_('Beyond the page limit (%s).'), MAX_PUBLIC_PAGE));
-        }
-
-        common_set_returnto($this->selfUrl());
-
-        $this->streamPrepare();
-
-        $this->notice = $this->stream->getNotices(($this->page-1)*NOTICES_PER_PAGE,
-                                            NOTICES_PER_PAGE + 1);
-
-        if (!$this->notice) {
-            // TRANS: Server error displayed when a public timeline cannot be retrieved.
-            $this->serverError(_('Could not retrieve public timeline.'));
-        }
-
-        if ($this->page > 1 && $this->notice->N == 0){
-            // TRANS: Client error when page not found (404).
-            $this->clientError(_('No such page.'), 404);
-        }
-
-        return true;
-    }
-
     protected function streamPrepare()
     {
         if ($this->scoped instanceof Profile && $this->scoped->isLocal() && $this->scoped->getUser()->streamModeOnly()) {
@@ -117,100 +68,6 @@ class PublicAction extends ManagedAction
         }
     }
 
-    function extraHead()
-    {
-        parent::extraHead();
-        $this->element('meta', array('http-equiv' => 'X-XRDS-Location',
-                                           'content' => common_local_url('publicxrds')));
-
-        $rsd = common_local_url('rsd');
-
-        // RSD, http://tales.phrasewise.com/rfc/rsd
-
-        $this->element('link', array('rel' => 'EditURI',
-                                     'type' => 'application/rsd+xml',
-                                     'href' => $rsd));
-
-        if ($this->page != 1) {
-            $this->element('link', array('rel' => 'canonical',
-                                         'href' => common_local_url('public')));
-        }
-    }
-
-    /**
-     * Output <head> elements for RSS and Atom feeds
-     *
-     * @return void
-     */
-    function getFeeds()
-    {
-        return array(new Feed(Feed::JSON,
-                              common_local_url('ApiTimelinePublic',
-                                               array('format' => 'as')),
-                              // TRANS: Link description for public timeline feed.
-                              _('Public Timeline Feed (Activity Streams JSON)')),
-                    new Feed(Feed::RSS1, common_local_url('publicrss'),
-                              // TRANS: Link description for public timeline feed.
-                              _('Public Timeline Feed (RSS 1.0)')),
-                     new Feed(Feed::RSS2,
-                              common_local_url('ApiTimelinePublic',
-                                               array('format' => 'rss')),
-                              // TRANS: Link description for public timeline feed.
-                              _('Public Timeline Feed (RSS 2.0)')),
-                     new Feed(Feed::ATOM,
-                              common_local_url('ApiTimelinePublic',
-                                               array('format' => 'atom')),
-                              // TRANS: Link description for public timeline feed.
-                              _('Public Timeline Feed (Atom)')));
-    }
-
-    function showEmptyList()
-    {
-        // TRANS: Text displayed for public feed when there are no public notices.
-        $message = _('This is the public timeline for %%site.name%% but no one has posted anything yet.') . ' ';
-
-        if (common_logged_in()) {
-            // TRANS: Additional text displayed for public feed when there are no public notices for a logged in user.
-            $message .= _('Be the first to post!');
-        }
-        else {
-            if (! (common_config('site','closed') || common_config('site','inviteonly'))) {
-                // TRANS: Additional text displayed for public feed when there are no public notices for a not logged in user.
-                $message .= _('Why not [register an account](%%action.register%%) and be the first to post!');
-            }
-        }
-
-        $this->elementStart('div', 'guide');
-        $this->raw(common_markup_to_html($message));
-        $this->elementEnd('div');
-    }
-
-    /**
-     * Fill the content area
-     *
-     * Shows a list of the notices in the public stream, with some pagination
-     * controls.
-     *
-     * @return void
-     */
-    function showContent()
-    {
-        if ($this->scoped instanceof Profile && $this->scoped->isLocal() && $this->scoped->getUser()->streamModeOnly()) {
-            $nl = new PrimaryNoticeList($this->notice, $this, array('show_n'=>NOTICES_PER_PAGE));
-        } else {
-            $nl = new ThreadedNoticeList($this->notice, $this, $this->scoped);
-        }
-
-        $cnt = $nl->show();
-
-        if ($cnt == 0) {
-            $this->showEmptyList();
-        }
-
-        $this->pagination($this->page > 1, $cnt > NOTICES_PER_PAGE,
-                          $this->page, $this->action);
-    }
-
     function showSections()
     {
         // Show invite button, as long as site isn't closed, and
@@ -239,23 +96,30 @@ class PublicAction extends ManagedAction
         $feat->show();
     }
 
-    function showAnonymousMessage()
+    /**
+     * Output <head> elements for RSS and Atom feeds
+     *
+     * @return void
+     */
+    function getFeeds()
     {
-        if (! (common_config('site','closed') || common_config('site','inviteonly'))) {
+        return array(new Feed(Feed::JSON,
-            // TRANS: Message for not logged in users at an invite-only site trying to view the public feed of notices.
+                              common_local_url('ApiTimelinePublic',
-            // TRANS: This message contains Markdown links. Please mind the formatting.
+                                               array('format' => 'as')),
-            $m = _('This is %%site.name%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' .
+                              // TRANS: Link description for public timeline feed.
-                   'based on the Free Software [StatusNet](http://status.net/) tool. ' .
+                              _('Public Timeline Feed (Activity Streams JSON)')),
-                   '[Join now](%%action.register%%) to share notices about yourself with friends, family, and colleagues! ' .
+                    new Feed(Feed::RSS1, common_local_url('publicrss'),
-                   '([Read more](%%doc.help%%))');
+                              // TRANS: Link description for public timeline feed.
-        } else {
+                              _('Public Timeline Feed (RSS 1.0)')),
-            // TRANS: Message for not logged in users at a closed site trying to view the public feed of notices.
+                     new Feed(Feed::RSS2,
-            // TRANS: This message contains Markdown links. Please mind the formatting.
+                              common_local_url('ApiTimelinePublic',
-            $m = _('This is %%site.name%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' .
+                                               array('format' => 'rss')),
-                   'based on the Free Software [StatusNet](http://status.net/) tool.');
+                              // TRANS: Link description for public timeline feed.
-        }
+                              _('Public Timeline Feed (RSS 2.0)')),
-        $this->elementStart('div', array('id' => 'anon_notice'));
+                     new Feed(Feed::ATOM,
-        $this->raw(common_markup_to_html($m));
+                              common_local_url('ApiTimelinePublic',
-        $this->elementEnd('div');
+                                               array('format' => 'atom')),
+                              // TRANS: Link description for public timeline feed.
+                              _('Public Timeline Feed (Atom)')));
     }
 }

actions/publicrss.php

@@ -28,11 +28,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once INSTALLDIR.'/lib/rssaction.php';
 
 /**
  * RSS feed for public timeline.
@@ -48,29 +44,6 @@ require_once INSTALLDIR.'/lib/rssaction.php';
  */
 class PublicrssAction extends Rss10Action
 {
-    /**
-     * Read arguments and initialize members
-     *
-     * @param array $args Arguments from $_REQUEST
-     * @return boolean success
-     */
-    function prepare($args)
-    {
-        parent::prepare($args);
-        $this->notices = $this->getNotices($this->limit);
-        return true;
-    }
-
-    /**
-     * Initialization.
-     *
-     * @return boolean true
-     */
-    function init()
-    {
-        return true;
-    }
-
     /**
      * Get notices
      *
@@ -78,15 +51,10 @@ class PublicrssAction extends Rss10Action
      *
      * @return array notices
      */
-    function getNotices($limit=0)
+    protected function getNotices()
     {
-        $notices = array();
+        $stream  = Notice::publicStream(0, $this->limit);
-        $notice  = Notice::publicStream(0, ($limit == 0) ? 48 : $limit);
+        return $stream->fetchAll();
-        while ($notice->fetch()) {
-            $notices[] = clone($notice);
-        }
-
-        return $notices;
     }
 
      /**

actions/recoverpassword.php

@@ -272,10 +272,16 @@ class RecoverpasswordAction extends Action
         try {
             User::recoverPassword($nore);
             $this->mode = 'sent';
+            if (common_is_email($nore) && common_config('site', 'fakeaddressrecovery')) {
+                // TRANS: User notification when recovering password by giving email address,
+                //        regardless if the mail was sent or not (to hide registered email status).
+                $this->msg = _('If the email address you provided was found in the database, a recovery mail with instructions has been sent there.');
+            } else {
                 // TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
                 $this->msg = _('Instructions for recovering your password ' .
                                'have been sent to the email address registered to your ' .
                                'account.');
+            }
             $this->success = true;
         } catch (Exception $e) {
             $this->success = false;
@@ -316,16 +322,7 @@ class RecoverpasswordAction extends Action
         }
 
         // OK, we're ready to go
-
+        $user->setPassword($newpassword);
-        $original = clone($user);
-
-        $user->password = common_munge_password($newpassword, $user->id);
-
-        if (!$user->update($original)) {
-            common_log_db_error($user, 'UPDATE', __FILE__);
-            // TRANS: Reset password form validation error message.
-            $this->serverError(_('Cannot save new password.'));
-        }
 
         $this->clearTempUser();
 

actions/redirecturl.php

@@ -28,11 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    // This check helps protect against security problems;
-    // your code file can't be executed directly from the web.
-    exit(1);
-}
 
 /**
  * Redirect to a given URL
@@ -47,75 +43,27 @@ if (!defined('STATUSNET')) {
  * @link      http://status.net/
  */
 
-class RedirecturlAction extends Action
+class RedirecturlAction extends ManagedAction
 {
-    protected $id   = null;
     protected $file = null;
 
-    /**
+    protected function doPreparation()
-     * For initializing members of the class.
-     *
-     * @param array $argarray misc. arguments
-     *
-     * @return boolean true
-     */
-    function prepare($argarray)
     {
-        parent::prepare($argarray);
+        $this->file = File::getByID($this->int('id'));
-
-        $this->id = $this->trimmed('id');
-
-        if (empty($this->id)) {
-            // TRANS: Client exception thrown when no ID parameter was provided.
-            throw new ClientException(_('No id parameter.'));
-        }
-
-        $this->file = File::getKV('id', $this->id);
-
-        if (empty($this->file)) {
-            // TRANS: Client exception thrown when an invalid ID parameter was provided for a file.
-            // TRANS: %d is the provided ID for which the file is not present (number).
-            throw new ClientException(sprintf(_('No such file "%d".'),
-                                              $this->id),
-                                      404);
-        }
 
         return true;
     }
 
-    /**
+    public function showPage()
-     * Handler method
-     *
-     * @param array $argarray is ignored since it's now passed in in prepare()
-     *
-     * @return void
-     */
-    function handle($argarray=null)
     {
-        common_redirect($this->file->url, 307);
+        common_redirect($this->file->getUrl(false), 301);
     }
 
-    /**
-     * Return true if read only.
-     *
-     * MAY override
-     *
-     * @param array $args other arguments
-     *
-     * @return boolean is read only action?
-     */
     function isReadOnly($args)
     {
         return true;
     }
 
-    /**
-     * Return last modified, if applicable.
-     *
-     * MAY override
-     *
-     * @return string last modified http header
-     */
     function lastModified()
     {
         // For comparison with If-Last-Modified
@@ -133,9 +81,9 @@ class RedirecturlAction extends Action
      */
     function etag()
     {
-        return 'W/"' . implode(':', array($this->arg('action'),
+        return 'W/"' . implode(':', array($this->getActionName(),
                                           common_user_cache_hash(),
                                           common_language(),
-                                          $this->file->id)) . '"';
+                                          $this->file->getID())) . '"';
     }
 }

actions/register.php

@@ -27,9 +27,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL') && !defined('STATUSNET')) { exit(1); }
-    exit(1);
-}
 
 /**
  * An action for registering a new user account
@@ -133,7 +131,11 @@ class RegisterAction extends Action
             // TRANS: Client error displayed when trying to register while already logged in.
             $this->clientError(_('Already logged in.'));
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+            try {
                 $this->tryRegister();
+            } catch (ClientException $e) {
+                $this->showForm($e->getMessage());
+            }
         } else {
             $this->showForm();
         }
@@ -210,9 +212,6 @@ class RegisterAction extends Action
                        !common_valid_http_url($homepage)) {
                 // TRANS: Form validation error displayed when trying to register with an invalid homepage URL.
                 $this->showForm(_('Homepage is not a valid URL.'));
-            } else if (!is_null($fullname) && mb_strlen($fullname) > 255) {
-                // TRANS: Form validation error displayed when trying to register with a too long full name.
-                $this->showForm(_('Full name is too long (maximum 255 characters).'));
             } else if (Profile::bioTooLong($bio)) {
                 // TRANS: Form validation error on registration page when providing too long a bio text.
                 // TRANS: %d is the maximum number of characters for bio; used for plural.
@@ -220,28 +219,22 @@ class RegisterAction extends Action
                                            'Bio is too long (maximum %d characters).',
                                            Profile::maxBio()),
                                         Profile::maxBio()));
-            } else if (!is_null($location) && mb_strlen($location) > 255) {
-                // TRANS: Form validation error displayed when trying to register with a too long location.
-                $this->showForm(_('Location is too long (maximum 255 characters).'));
             } else if (strlen($password) < 6) {
                 // TRANS: Form validation error displayed when trying to register with too short a password.
                 $this->showForm(_('Password must be 6 or more characters.'));
             } else if ($password != $confirm) {
                 // TRANS: Form validation error displayed when trying to register with non-matching passwords.
                 $this->showForm(_('Passwords do not match.'));
-            } else if ($user = User::register(array('nickname' => $nickname,
+            } else {
+                try {
+                    $user = User::register(array('nickname' => $nickname,
                                                     'password' => $password,
                                                     'email' => $email,
                                                     'fullname' => $fullname,
                                                     'homepage' => $homepage,
                                                     'bio' => $bio,
                                                     'location' => $location,
-                                                    'code' => $code))) {
+                                                    'code' => $code));
-                if (!($user instanceof User)) {
-                    // TRANS: Form validation error displayed when trying to register with an invalid username or password.
-                    $this->showForm(_('Invalid username or password.'));
-                    return;
-                }
                     // success!
                     if (!common_set_user($user)) {
                         // TRANS: Server error displayed when saving fails during user registration.
@@ -260,9 +253,10 @@ class RegisterAction extends Action
                     Event::handle('EndRegistrationTry', array($this));
 
                     $this->showSuccess();
-            } else {
+                } catch (Exception $e) {
                     // TRANS: Form validation error displayed when trying to register with an invalid username or password.
-                $this->showForm(_('Invalid username or password.'));
+                    $this->showForm($e->getMessage());
+                }
             }
         }
     }
@@ -489,6 +483,7 @@ class RegisterAction extends Action
                            'id' => 'license',
                            'class' => 'checkbox',
                            'name' => 'license',
+                           'required' => 'true',
                            'value' => 'true');
             if ($this->boolean('license')) {
                 $attrs['checked'] = 'checked';

actions/replies.php

@@ -27,13 +27,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once INSTALLDIR.'/lib/personalgroupnav.php';
-require_once INSTALLDIR.'/lib/noticelist.php';
-require_once INSTALLDIR.'/lib/feedlist.php';
 
 /**
  * List of replies
@@ -44,72 +38,11 @@ require_once INSTALLDIR.'/lib/feedlist.php';
  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link     http://status.net/
  */
-class RepliesAction extends Action
+class RepliesAction extends ShowstreamAction
 {
-    var $page = null;
+    public function getStream()
-    var $notice;
-
-    /**
-     * Prepare the object
-     *
-     * Check the input values and initialize the object.
-     * Shows an error page on bad input.
-     *
-     * @param array $args $_REQUEST data
-     *
-     * @return boolean success flag
-     */
-    function prepare($args)
     {
-        parent::prepare($args);
+        return new ReplyNoticeStream($this->target->getID(), $this->scoped);
-
-        $nickname = common_canonical_nickname($this->arg('nickname'));
-
-        $this->user = User::getKV('nickname', $nickname);
-
-        if (!$this->user) {
-            // TRANS: Client error displayed when trying to reply to a non-exsting user.
-            $this->clientError(_('No such user.'));
-        }
-
-        $profile = $this->user->getProfile();
-
-        if (!$profile) {
-            // TRANS: Error message displayed when referring to a user without a profile.
-            $this->serverError(_('User has no profile.'));
-        }
-
-        $this->page = ($this->arg('page')) ? ($this->arg('page')+0) : 1;
-
-        common_set_returnto($this->selfUrl());
-
-        $stream = new ReplyNoticeStream($this->user->id,
-                                        Profile::current());
-
-        $this->notice = $stream->getNotices(($this->page-1) * NOTICES_PER_PAGE,
-                                            NOTICES_PER_PAGE + 1);
-
-        if($this->page > 1 && $this->notice->N == 0){
-            // TRANS: Client error when page not found (404)
-            $this->clientError(_('No such page.'), 404);
-        }
-
-        return true;
-    }
-
-    /**
-     * Handle a request
-     *
-     * Just show the page. All args already handled.
-     *
-     * @param array $args $_REQUEST data
-     *
-     * @return void
-     */
-    function handle($args)
-    {
-        parent::handle($args);
-        $this->showPage();
     }
 
     /**
@@ -124,12 +57,12 @@ class RepliesAction extends Action
         if ($this->page == 1) {
             // TRANS: Title for first page of replies for a user.
             // TRANS: %s is a user nickname.
-            return sprintf(_("Replies to %s"), $this->user->nickname);
+            return sprintf(_("Replies to %s"), $this->target->getNickname());
         } else {
             // TRANS: Title for all but the first page of replies for a user.
             // TRANS: %1$s is a user nickname, %2$d is a page number.
             return sprintf(_('Replies to %1$s, page %2$d'),
-                           $this->user->nickname,
+                           $this->target->getNickname(),
                            $this->page);
         }
     }
@@ -144,46 +77,39 @@ class RepliesAction extends Action
         return array(new Feed(Feed::JSON,
                               common_local_url('ApiTimelineMentions',
                                                array(
-                                                    'id' => $this->user->nickname,
+                                                    'id' => $this->target->getNickname(),
                                                     'format' => 'as')),
                               // TRANS: Link for feed with replies for a user.
                               // TRANS: %s is a user nickname.
                               sprintf(_('Replies feed for %s (Activity Streams JSON)'),
-                                      $this->user->nickname)),
+                                      $this->target->getNickname())),
                      new Feed(Feed::RSS1,
                               common_local_url('repliesrss',
-                                               array('nickname' => $this->user->nickname)),
+                                               array('nickname' => $this->target->getNickname())),
                               // TRANS: Link for feed with replies for a user.
                               // TRANS: %s is a user nickname.
                               sprintf(_('Replies feed for %s (RSS 1.0)'),
-                                      $this->user->nickname)),
+                                      $this->target->getNickname())),
                      new Feed(Feed::RSS2,
                               common_local_url('ApiTimelineMentions',
                                                array(
-                                                    'id' => $this->user->nickname,
+                                                    'id' => $this->target->getNickname(),
                                                     'format' => 'rss')),
                               // TRANS: Link for feed with replies for a user.
                               // TRANS: %s is a user nickname.
                               sprintf(_('Replies feed for %s (RSS 2.0)'),
-                                      $this->user->nickname)),
+                                      $this->target->getNickname())),
                      new Feed(Feed::ATOM,
                               common_local_url('ApiTimelineMentions',
                                                array(
-                                                    'id' => $this->user->nickname,
+                                                    'id' => $this->target->getNickname(),
                                                     'format' => 'atom')),
                               // TRANS: Link for feed with replies for a user.
                               // TRANS: %s is a user nickname.
                               sprintf(_('Replies feed for %s (Atom)'),
-                                    $this->user->nickname)));
+                                    $this->target->getNickname())));
     }
 
-    /**
-     * Show the content
-     *
-     * A list of notices that are replies to the user, plus pagination.
-     *
-     * @return void
-     */
     function showContent()
     {
         $nl = new PrimaryNoticeList($this->notice, $this, array('show_n'=>NOTICES_PER_PAGE));
@@ -195,33 +121,30 @@ class RepliesAction extends Action
 
         $this->pagination($this->page > 1, $cnt > NOTICES_PER_PAGE,
                           $this->page, 'replies',
-                          array('nickname' => $this->user->nickname));
+                          array('nickname' => $this->target->getNickname()));
     }
 
     function showEmptyListMessage()
     {
         // TRANS: Empty list message for page with replies for a user.
-        // TRANS: %1$s and %s$s are the user nickname.
+        // TRANS: %1$s is the user nickname.
-        $message = sprintf(_('This is the timeline showing replies to %1$s but %2$s hasn\'t received a notice to them yet.'),
+        $message = sprintf(_('This is the timeline showing replies to %1$s but no notices have arrived yet.'), $this->target->getNickname());
-                           $this->user->nickname,
+        $message .= ' ';    // Spacing between this sentence and the next.
-                           $this->user->nickname) . ' ';
 
         if (common_logged_in()) {
-            $current_user = common_current_user();
+            if ($this->target->getID() === $this->scoped->getID()) {
-            if ($this->user->id === $current_user->id) {
                 // TRANS: Empty list message for page with replies for a user for the logged in user.
                 // TRANS: This message contains a Markdown link in the form [link text](link).
                 $message .= _('You can engage other users in a conversation, subscribe to more people or [join groups](%%action.groups%%).');
             } else {
                 // TRANS: Empty list message for page with replies for a user for all logged in users but the user themselves.
-                // TRANS: %1$s, %2$s and %3$s are a user nickname. This message contains a Markdown link in the form [link text](link).
+                // TRANS: %1$s is a user nickname and %2$s is the same but with a prepended '@' character. This message contains a Markdown link in the form [link text](link).
-                $message .= sprintf(_('You can try to [nudge %1$s](../%2$s) or [post something to them](%%%%action.newnotice%%%%?status_textarea=%3$s).'), $this->user->nickname, $this->user->nickname, '@' . $this->user->nickname);
+                $message .= sprintf(_('You can try to [nudge %1$s](../%1$s) or [post something to them](%%%%action.newnotice%%%%?content=%2$s).'), $this->target->getNickname(), '@' . $this->target->getNickname());
             }
-        }
+        } else {
-        else {
             // TRANS: Empty list message for page with replies for a user for not logged in users.
             // TRANS: %1$s is a user nickname. This message contains a Markdown link in the form [link text](link).
-            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to them.'), $this->user->nickname);
+            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to them.'), $this->target->getNickname());
         }
 
         $this->elementStart('div', 'guide');
@@ -229,7 +152,7 @@ class RepliesAction extends Action
         $this->elementEnd('div');
     }
 
-    function isReadOnly($args)
+    public function isReadOnly($args)
     {
         return true;
     }

actions/repliesrss.php

@@ -17,70 +17,34 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
+if (!defined('GNUSOCIAL')) { exit(1); }
-
-require_once(INSTALLDIR.'/lib/rssaction.php');
 
 // Formatting of RSS handled by Rss10Action
 
-class RepliesrssAction extends Rss10Action
+class RepliesrssAction extends TargetedRss10Action
 {
-    var $user = null;
+    protected function getNotices()
-
-    function prepare($args)
     {
-        parent::prepare($args);
+        $stream = $this->target->getReplies(0, $this->limit);
-        $nickname = $this->trimmed('nickname');
+        return $stream->fetchAll();
-        $this->user = User::getKV('nickname', $nickname);
-
-        if (!$this->user) {
-            // TRANS: Client error displayed when providing a non-existing nickname in a RSS 1.0 action.
-            $this->clientError(_('No such user.'));
-        } else {
-            $this->notices = $this->getNotices($this->limit);
-            return true;
-        }
-    }
-
-    function getNotices($limit=0)
-    {
-        $user = $this->user;
-
-        $notice = $user->getReplies(0, ($limit == 0) ? 48 : $limit);
-
-        $notices = array();
-
-        while ($notice->fetch()) {
-            $notices[] = clone($notice);
-        }
-
-        return $notices;
     }
 
     function getChannel()
     {
-        $user = $this->user;
         $c = array('url' => common_local_url('repliesrss',
                                              array('nickname' =>
-                                                   $user->nickname)),
+                                                   $this->target->getNickname())),
                    // TRANS: RSS reply feed title. %s is a user nickname.
-                   'title' => sprintf(_("Replies to %s"), $user->nickname),
+                   'title' => sprintf(_("Replies to %s"), $this->target->getNickname()),
                    'link' => common_local_url('replies',
-                                              array('nickname' =>
+                                              array('nickname' => $this->target->getNickname())),
-                                                    $user->nickname)),
                    // TRANS: RSS reply feed description.
                    // TRANS: %1$s is a user nickname, %2$s is the StatusNet site name.
                    'description' => sprintf(_('Replies to %1$s on %2$s.'),
-                                              $user->nickname, common_config('site', 'name')));
+                                              $this->target->getNickname(), common_config('site', 'name')));
         return $c;
     }
 
-    function getImage()
-    {
-        $profile = $this->user->getProfile();
-        return $profile->avatarUrl(AVATAR_PROFILE_SIZE);
-    }
-
     function isReadOnly($args)
     {
         return true;

actions/robotstxt.php

@@ -27,9 +27,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Prints out a static robots.txt
@@ -40,19 +38,9 @@ if (!defined('STATUSNET')) {
  * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
  * @link     http://status.net/
  */
-class RobotstxtAction extends Action
+class RobotstxtAction extends ManagedAction
 {
-    /**
+    public function showPage()
-     * Handles requests
-     *
-     * Since this is a relatively static document, we
-     * don't do a prepare()
-     *
-     * @param array $args GET, POST, and URL params; unused.
-     *
-     * @return void
-     */
-    function handle($args)
     {
         if (Event::handle('StartRobotsTxt', array($this))) {
 

actions/rsd.php

@@ -151,7 +151,7 @@ class RsdAction extends Action
             $this->elementStart('api', $apiAttrs);
             $this->elementStart('settings');
             $this->element('docs', null,
-                           'http://status.net/wiki/TwitterCompatibleAPI');
+                           common_local_url('doc', array('title' => 'api')));
             $this->element('setting', array('name' => 'OAuth'),
                            'true');
             $this->elementEnd('settings');

actions/shownotice.php

@@ -70,10 +70,11 @@ class ShownoticeAction extends ManagedAction
     {
         parent::prepare($args);
         if ($this->boolean('ajax')) {
-            StatusNet::setApi(true);
+            GNUsocial::setApi(true);
         }
 
         $this->notice = $this->getNotice();
+        $this->target = $this->notice;
 
         if (!$this->notice->inScope($this->scoped)) {
             // TRANS: Client exception thrown when trying a view a notice the user has no access to.
@@ -113,20 +114,22 @@ class ShownoticeAction extends ManagedAction
     {
         $id = $this->arg('notice');
 
-        $notice = Notice::getKV('id', $id);
+        $notice = null;
-        if ($notice instanceof Notice) {
+        try {
+            $notice = Notice::getByID($id);
             // Alright, got it!
             return $notice;
-        }
+        } catch (NoResultException $e) {
-
+            // Hm, not found.
-        // Did we use to have it, and it got deleted?
+            $deleted = null;
-        $deleted = Deleted_notice::getKV('id', $id);
+            Event::handle('IsNoticeDeleted', array($id, &$deleted));
-        if ($deleted instanceof Deleted_notice) {
+            if ($deleted === true) {
                 // TRANS: Client error displayed trying to show a deleted notice.
-            $this->clientError(_('Notice deleted.'), 410);
+                throw new ClientException(_('Notice deleted.'), 410);
+            }
         }
         // TRANS: Client error displayed trying to show a non-existing notice.
-        $this->clientError(_('No such notice.'), 404);
+        throw new ClientException(_('No such notice.'), 404);
     }
 
     /**
@@ -211,36 +214,35 @@ class ShownoticeAction extends ManagedAction
     {
     }
 
-    /**
+    function getFeeds()
-     * Don't show aside
+    {
-     *
+        return array(new Feed(Feed::JSON,
-     * @return void
+                              common_local_url('ApiStatusesShow',
-     */
+                                               array(
-    function showAside() {
+                                                    'id' => $this->target->getID(),
+                                                    'format' => 'json')),
+                              // TRANS: Title for link to single notice representation.
+                              // TRANS: %s is a user nickname.
+                              sprintf(_('Single notice (JSON)'))),
+                     new Feed(Feed::ATOM,
+                              common_local_url('ApiStatusesShow',
+                                               array(
+                                                    'id' => $this->target->getID(),
+                                                    'format' => 'atom')),
+                              // TRANS: Title for link to notice feed.
+                              // TRANS: %s is a user nickname.
+                              sprintf(_('Single notice (Atom)'))));
     }
 
     /**
      * Extra <head> content
      *
-     * We show the microid(s) for the author, if any.
+     * Facebook OpenGraph metadata.
      *
      * @return void
      */
     function extraHead()
     {
-        $user = User::getKV($this->profile->id);
-
-        if (!$user instanceof User) {
-            return;
-        }
-
-        if ($user->emailmicroid && $user->email && $this->notice->uri) {
-            $id = new Microid('mailto:'. $user->email,
-                              $this->notice->uri);
-            $this->element('meta', array('name' => 'microid',
-                                         'content' => $id->toString()));
-        }
-
         // Extras to aid in sharing notices to Facebook
         $avatarUrl = $this->profile->avatarUrl(AVATAR_PROFILE_SIZE);
         $this->element('meta', array('property' => 'og:image',

actions/showprofiletag.php

@@ -22,97 +22,31 @@
  * @link     http://status.net
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
-require_once INSTALLDIR.'/lib/profileminilist.php';
+class ShowprofiletagAction extends ShowstreamAction
-require_once INSTALLDIR.'/lib/peopletaglist.php';
-require_once INSTALLDIR.'/lib/noticelist.php';
-require_once INSTALLDIR.'/lib/feedlist.php';
-
-class ShowprofiletagAction extends Action
 {
-    var $notice, $tagger, $peopletag, $userProfile;
+    var $notice, $peopletag;
 
-    function isReadOnly($args)
+    protected function doStreamPreparation()
     {
-        return true;
+        $tag = common_canonical_tag($this->arg('tag'));
-    }
+        try {
-
+            $this->peopletag = Profile_list::getByPK(array('tagger' => $this->target->getID(), 'tag' => $tag));
-    function prepare($args)
+        } catch (NoResultException $e) {
-    {
-        parent::prepare($args);
-
-        if (common_config('singleuser', 'enabled')) {
-            $tagger_arg = User::singleUserNickname();
-        } else {
-            $tagger_arg = $this->arg('tagger');
-        }
-        $tag_arg = $this->arg('tag');
-        $tagger = common_canonical_nickname($tagger_arg);
-        $tag = common_canonical_tag($tag_arg);
-
-        // Permanent redirect on non-canonical nickname
-
-        if ($tagger_arg != $tagger || $tag_arg != $tag) {
-            $args = array('tagger' => $nickname, 'tag' => $tag);
-            if ($this->page != 1) {
-                $args['page'] = $this->page;
-            }
-            common_redirect(common_local_url('showprofiletag', $args), 301);
-        }
-
-        if (!$tagger) {
-            // TRANS: Client error displayed when a tagger is expected but not provided.
-            $this->clientError(_('No tagger.'), 404);
-        }
-
-        $user = User::getKV('nickname', $tagger);
-
-        if (!$user) {
-            // TRANS: Client error displayed trying to perform an action related to a non-existing user.
-            $this->clientError(_('No such user.'), 404);
-        }
-
-        $this->tagger = $user->getProfile();
-        $this->peopletag = Profile_list::pkeyGet(array('tagger' => $user->id, 'tag' => $tag));
-
-        $current = common_current_user();
-        $can_see = !empty($this->peopletag) && (!$this->peopletag->private ||
-                   ($this->peopletag->private && $this->peopletag->tagger === $current->id));
-
-        if (!$can_see) {
             // TRANS: Client error displayed trying to reference a non-existing list.
-            $this->clientError(_('No such list.'), 404);
+            throw new ClientException('No such list.');
         }
 
-        $this->page = ($this->arg('page')) ? ($this->arg('page')+0) : 1;
+        if ($this->peopletag->private && !$this->peopletag->getTagger()->sameAs($this->scoped)) {
-        $this->userProfile = Profile::current();
+            // TRANS: Client error displayed trying to reference a non-existing list.
-
+            throw new AuthorizationException('You do not have permission to see this list.');
-        $stream = new PeopletagNoticeStream($this->peopletag, $this->userProfile);
+        }
-
-        $this->notice = $stream->getNotices(($this->page-1)*NOTICES_PER_PAGE,
-                                            NOTICES_PER_PAGE + 1);
-
-        if ($this->page > 1 && $this->notice->N == 0) {
-            // TRANS: Client error when page not found (404).
-            $this->clientError(_('No such page.'), 404);
     }
 
-        return true;
+    public function getStream()
-    }
-
-    function handle($args)
     {
-        parent::handle($args);
+        return new PeopletagNoticeStream($this->peopletag, $this->scoped);
-
-        if (!$this->peopletag) {
-            // TRANS: Client error displayed trying to perform an action related to a non-existing user.
-            $this->clientError(_('No such user.'));
-        }
-
-        $this->showPage();
     }
 
     function title()
@@ -137,7 +71,7 @@ class ShowprofiletagAction extends Action
             // TRANS: %1$s is a list, %2$s is the tagger's nickname, %3$d is a page number.
             return sprintf(_('Timeline for %1$s list by %2$s, page %3$d'),
                                 $this->peopletag->tag,
-                                $this->tagger->nickname,
+                                $this->target->getNickname(),
                                 $this->page
                           );
         } else {
@@ -160,7 +94,7 @@ class ShowprofiletagAction extends Action
             // TRANS: %1$s is a list, %2$s is the tagger's nickname.
             return sprintf(_('Timeline for %1$s list by %2$s'),
                                 $this->peopletag->tag,
-                                $this->tagger->nickname
+                                $this->target->getNickname()
                           );
         }
     }
@@ -171,29 +105,29 @@ class ShowprofiletagAction extends Action
         return array(new Feed(Feed::JSON,
                 common_local_url(
                     'ApiTimelineList', array(
-                        'user' => $this->tagger->id,
+                        'user' => $this->target->id,
                         'id' => $this->peopletag->id,
                         'format' => 'as'
                     )
                 ),
                 // TRANS: Feed title.
                 // TRANS: %s is tagger's nickname.
-                sprintf(_('Feed for friends of %s (Activity Streams JSON)'), $this->tagger->nickname)),
+                sprintf(_('Feed for friends of %s (Activity Streams JSON)'), $this->target->getNickname())),
                 new Feed(Feed::RSS2,
                 common_local_url(
                     'ApiTimelineList', array(
-                        'user' => $this->tagger->id,
+                        'user' => $this->target->id,
                         'id' => $this->peopletag->id,
                         'format' => 'rss'
                     )
                 ),
                 // TRANS: Feed title.
                 // TRANS: %s is tagger's nickname.
-                sprintf(_('Feed for friends of %s (RSS 2.0)'), $this->tagger->nickname)),
+                sprintf(_('Feed for friends of %s (RSS 2.0)'), $this->target->getNickname())),
             new Feed(Feed::ATOM,
                 common_local_url(
                     'ApiTimelineList', array(
-                        'user' => $this->tagger->id,
+                        'user' => $this->target->id,
                         'id' => $this->peopletag->id,
                         'format' => 'atom'
                     )
@@ -201,7 +135,7 @@ class ShowprofiletagAction extends Action
                 // TRANS: Feed title.
                 // TRANS: %1$s is a list, %2$s is tagger's nickname.
                 sprintf(_('Feed for %1$s list by %2$s (Atom)'),
-                            $this->peopletag->tag, $this->tagger->nickname
+                            $this->peopletag->tag, $this->target->getNickname()
                        )
               )
         );
@@ -219,11 +153,10 @@ class ShowprofiletagAction extends Action
         // TRANS: %1$s is a list, %2$s is a tagger's nickname.
         $message = sprintf(_('This is the timeline for %1$s list by %2$s but no one has posted anything yet.'),
                            $this->peopletag->tag,
-                           $this->tagger->nickname) . ' ';
+                           $this->target->getNickname()) . ' ';
 
         if (common_logged_in()) {
-            $current_user = common_current_user();
+            if ($this->target->sameAs($this->scoped)) {
-            if ($this->tagger->id == $current_user->id) {
                 // TRANS: Additional empty list message for list timeline for currently logged in user tagged tags.
                 $message .= _('Try tagging more people.');
             }
@@ -238,16 +171,15 @@ class ShowprofiletagAction extends Action
         $this->elementEnd('div');
     }
 
-    function showContent()
+    protected function showContent()
     {
         $this->showPeopletag();
-        $this->showNotices();
+        parent::showContent();
     }
 
     function showPeopletag()
     {
-        $cur = common_current_user();
+        $tag = new Peopletag($this->peopletag, $this->scoped, $this);
-        $tag = new Peopletag($this->peopletag, $cur, $this);
         $tag->show();
     }
 
@@ -267,7 +199,7 @@ class ShowprofiletagAction extends Action
                               $this->page,
                               'showprofiletag',
                               array('tag' => $this->peopletag->tag,
-                                    'tagger' => $this->tagger->nickname)
+                                    'nickname' => $this->target->getNickname())
             );
 
             Event::handle('EndShowProfileTagContent', array($this));
@@ -283,11 +215,6 @@ class ShowprofiletagAction extends Action
         # $this->showStatistics();
     }
 
-    function showPageTitle()
-    {
-        $this->element('h1', null, $this->title());
-    }
-
     function showTagged()
     {
         $profile = $this->peopletag->getTagged(0, PROFILES_PER_MINILIST + 1);
@@ -314,7 +241,7 @@ class ShowprofiletagAction extends Action
             if ($cnt > PROFILES_PER_MINILIST) {
                 $this->elementStart('p');
                 $this->element('a', array('href' => common_local_url('taggedprofiles',
-                                                                     array('nickname' => $this->tagger->nickname,
+                                                                     array('nickname' => $this->target->getNickname(),
                                                                            'profiletag' => $this->peopletag->tag)),
                                           'class' => 'more'),
                                // TRANS: Link for more "People in list x by a user"
@@ -356,20 +283,3 @@ class ShowprofiletagAction extends Action
         $this->elementEnd('div');
     }
 }
-
-class Peopletag extends PeopletagListItem
-{
-    protected $avatarSize = AVATAR_PROFILE_SIZE;
-
-    function showStart()
-    {
-        $mode = $this->peopletag->private ? 'private' : 'public';
-        $this->out->elementStart('div', array('class' => 'h-entry peopletag peopletag-profile mode-'.$mode,
-                                             'id' => 'peopletag-' . $this->peopletag->id));
-    }
-
-    function showEnd()
-    {
-        $this->out->elementEnd('div');
-    }
-}

actions/showstream.php

@@ -28,15 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once INSTALLDIR.'/lib/personalgroupnav.php';
-require_once INSTALLDIR.'/lib/noticelist.php';
-require_once INSTALLDIR.'/lib/profileminilist.php';
-require_once INSTALLDIR.'/lib/groupminilist.php';
-require_once INSTALLDIR.'/lib/feedlist.php';
 
 /**
  * User profile page
@@ -53,29 +45,22 @@ require_once INSTALLDIR.'/lib/feedlist.php';
  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link     http://status.net/
  */
-class ShowstreamAction extends ProfileAction
+class ShowstreamAction extends NoticestreamAction
 {
-    var $notice;
+    public function getStream()
-
-    protected function prepare(array $args=array())
     {
-        parent::prepare($args);
-
         if (empty($this->tag)) {
-            $stream = new ProfileNoticeStream($this->profile, $this->scoped);
+            $stream = new ProfileNoticeStream($this->target, $this->scoped);
         } else {
-            $stream = new TaggedProfileNoticeStream($this->profile, $this->tag, $this->scoped);
+            $stream = new TaggedProfileNoticeStream($this->target, $this->tag, $this->scoped);
         }
 
-        $this->notice = $stream->getNotices(($this->page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1);
+        return $stream;
-
-        return true;
     }
 
-
     function title()
     {
-        $base = $this->profile->getFancyName();
+        $base = $this->target->getFancyName();
         if (!empty($this->tag)) {
             if ($this->page == 1) {
                 // TRANS: Page title showing tagged notices in one user's timeline.
@@ -88,7 +73,7 @@ class ShowstreamAction extends ProfileAction
             }
         } else {
             if ($this->page == 1) {
-                return $base;
+                return sprintf(_('Notices by %s'), $base);
             } else {
                 // TRANS: Extended page title showing tagged notices in one user's timeline.
                 // TRANS: %1$s is the username, %2$d is the page number.
@@ -99,14 +84,14 @@ class ShowstreamAction extends ProfileAction
         }
     }
 
-    function showContent()
+    protected function showContent()
     {
         $this->showNotices();
     }
 
     function showProfileBlock()
     {
-        $block = new AccountProfileBlock($this, $this->profile);
+        $block = new AccountProfileBlock($this, $this->target);
         $block->show();
     }
 
@@ -120,78 +105,71 @@ class ShowstreamAction extends ProfileAction
         if (!empty($this->tag)) {
             return array(new Feed(Feed::RSS1,
                                   common_local_url('userrss',
-                                                   array('nickname' => $this->target->nickname,
+                                                   array('nickname' => $this->target->getNickname(),
                                                          'tag' => $this->tag)),
                                   // TRANS: Title for link to notice feed.
                                   // TRANS: %1$s is a user nickname, %2$s is a hashtag.
                                   sprintf(_('Notice feed for %1$s tagged %2$s (RSS 1.0)'),
-                                          $this->target->nickname, $this->tag)));
+                                          $this->target->getNickname(), $this->tag)));
         }
 
         return array(new Feed(Feed::JSON,
                               common_local_url('ApiTimelineUser',
                                                array(
-                                                    'id' => $this->user->id,
+                                                    'id' => $this->target->getID(),
                                                     'format' => 'as')),
                               // TRANS: Title for link to notice feed.
                               // TRANS: %s is a user nickname.
                               sprintf(_('Notice feed for %s (Activity Streams JSON)'),
-                                      $this->target->nickname)),
+                                      $this->target->getNickname())),
                      new Feed(Feed::RSS1,
                               common_local_url('userrss',
-                                               array('nickname' => $this->target->nickname)),
+                                               array('nickname' => $this->target->getNickname())),
                               // TRANS: Title for link to notice feed.
                               // TRANS: %s is a user nickname.
                               sprintf(_('Notice feed for %s (RSS 1.0)'),
-                                      $this->target->nickname)),
+                                      $this->target->getNickname())),
                      new Feed(Feed::RSS2,
                               common_local_url('ApiTimelineUser',
                                                array(
-                                                    'id' => $this->user->id,
+                                                    'id' => $this->target->getID(),
                                                     'format' => 'rss')),
                               // TRANS: Title for link to notice feed.
                               // TRANS: %s is a user nickname.
                               sprintf(_('Notice feed for %s (RSS 2.0)'),
-                                      $this->target->nickname)),
+                                      $this->target->getNickname())),
                      new Feed(Feed::ATOM,
                               common_local_url('ApiTimelineUser',
                                                array(
-                                                    'id' => $this->user->id,
+                                                    'id' => $this->target->getID(),
                                                     'format' => 'atom')),
                               // TRANS: Title for link to notice feed.
                               // TRANS: %s is a user nickname.
                               sprintf(_('Notice feed for %s (Atom)'),
-                                      $this->target->nickname)),
+                                      $this->target->getNickname())),
                      new Feed(Feed::FOAF,
                               common_local_url('foaf', array('nickname' =>
-                                                             $this->target->nickname)),
+                                                             $this->target->getNickname())),
                               // TRANS: Title for link to notice feed. FOAF stands for Friend of a Friend.
                               // TRANS: More information at http://www.foaf-project.org. %s is a user nickname.
-                              sprintf(_('FOAF for %s'), $this->target->nickname)));
+                              sprintf(_('FOAF for %s'), $this->target->getNickname())));
     }
 
     function extraHead()
     {
-        if ($this->profile->bio) {
+        if ($this->target->bio) {
             $this->element('meta', array('name' => 'description',
-                                         'content' => $this->profile->bio));
+                                         'content' => $this->target->getDescription()));
-        }
-
-        if ($this->user->emailmicroid && $this->user->email && $this->profile->profileurl) {
-            $id = new Microid('mailto:'.$this->user->email,
-                              $this->selfUrl());
-            $this->element('meta', array('name' => 'microid',
-                                         'content' => $id->toString()));
         }
 
         // See https://wiki.mozilla.org/Microsummaries
 
         $this->element('link', array('rel' => 'microsummary',
                                      'href' => common_local_url('microsummary',
-                                                                array('nickname' => $this->profile->nickname))));
+                                                                array('nickname' => $this->target->getNickname()))));
 
         $rsd = common_local_url('rsd',
-                                array('nickname' => $this->profile->nickname));
+                                array('nickname' => $this->target->getNickname()));
 
         // RSD, http://tales.phrasewise.com/rfc/rsd
         $this->element('link', array('rel' => 'EditURI',
@@ -200,30 +178,29 @@ class ShowstreamAction extends ProfileAction
 
         if ($this->page != 1) {
             $this->element('link', array('rel' => 'canonical',
-                                         'href' => $this->profile->profileurl));
+                                         'href' => $this->target->getUrl()));
         }
     }
 
     function showEmptyListMessage()
     {
         // TRANS: First sentence of empty list message for a timeline. $1%s is a user nickname.
-        $message = sprintf(_('This is the timeline for %1$s, but %1$s hasn\'t posted anything yet.'), $this->target->nickname) . ' ';
+        $message = sprintf(_('This is the timeline for %1$s, but %1$s hasn\'t posted anything yet.'), $this->target->getNickname()) . ' ';
 
-        if (common_logged_in()) {
+        if ($this->scoped instanceof Profile) {
-            $current_user = common_current_user();
+            if ($this->target->getID() === $this->scoped->getID()) {
-            if ($this->user->id === $current_user->id) {
                 // TRANS: Second sentence of empty list message for a stream for the user themselves.
                 $message .= _('Seen anything interesting recently? You haven\'t posted any notices yet, now would be a good time to start :)');
             } else {
                 // TRANS: Second sentence of empty  list message for a non-self timeline. %1$s is a user nickname, %2$s is a part of a URL.
                 // TRANS: This message contains a Markdown link. Keep "](" together.
-                $message .= sprintf(_('You can try to nudge %1$s or [post something to them](%%%%action.newnotice%%%%?status_textarea=%2$s).'), $this->target->nickname, '@' . $this->target->nickname);
+                $message .= sprintf(_('You can try to nudge %1$s or [post something to them](%%%%action.newnotice%%%%?status_textarea=%2$s).'), $this->target->getNickname(), '@' . $this->target->getNickname());
             }
         }
         else {
             // TRANS: Second sentence of empty message for anonymous users. %s is a user nickname.
             // TRANS: This message contains a Markdown link. Keep "](" together.
-            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to them.'), $this->target->nickname);
+            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to them.'), $this->target->getNickname());
         }
 
         $this->elementStart('div', 'guide');
@@ -233,16 +210,13 @@ class ShowstreamAction extends ProfileAction
 
     function showNotices()
     {
-        $pnl = null;
+        $pnl = new NoticeList($this->notice, $this);
-        if (Event::handle('ShowStreamNoticeList', array($this->notice, $this, &$pnl))) {
-            $pnl = new ProfileNoticeList($this->notice, $this);
-        }
         $cnt = $pnl->show();
         if (0 == $cnt) {
             $this->showEmptyListMessage();
         }
 
-        $args = array('nickname' => $this->target->nickname);
+        $args = array('nickname' => $this->target->getNickname());
         if (!empty($this->tag))
         {
             $args['tag'] = $this->tag;
@@ -259,13 +233,13 @@ class ShowstreamAction extends ProfileAction
             $m = sprintf(_('**%s** has an account on %%%%site.name%%%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' .
                            'based on the Free Software [StatusNet](http://status.net/) tool. ' .
                            '[Join now](%%%%action.register%%%%) to follow **%s**\'s notices and many more! ([Read more](%%%%doc.help%%%%))'),
-                         $this->target->nickname, $this->target->nickname);
+                         $this->target->getNickname(), $this->target->getNickname());
         } else {
             // TRANS: Announcement for anonymous users showing a timeline if site registrations are closed or invite only.
             // TRANS: This message contains a Markdown link. Keep "](" together.
             $m = sprintf(_('**%s** has an account on %%%%site.name%%%%, a [micro-blogging](http://en.wikipedia.org/wiki/Micro-blogging) service ' .
                            'based on the Free Software [StatusNet](http://status.net/) tool.'),
-                         $this->target->nickname, $this->target->nickname);
+                         $this->target->getNickname(), $this->target->getNickname());
         }
         $this->elementStart('div', array('id' => 'anon_notice'));
         $this->raw(common_markup_to_html($m));
@@ -276,7 +250,7 @@ class ShowstreamAction extends ProfileAction
     {
         parent::showSections();
         if (!common_config('performance', 'high')) {
-            $cloud = new PersonalTagCloudSection($this, $this->user);
+            $cloud = new PersonalTagCloudSection($this->target, $this);
             $cloud->show();
         }
     }
@@ -284,66 +258,11 @@ class ShowstreamAction extends ProfileAction
     function noticeFormOptions()
     {
         $options = parent::noticeFormOptions();
-        $cur = common_current_user();
 
-        if (empty($cur) || $cur->id != $this->profile->id) {
+        if (!$this->scoped instanceof Profile || !$this->scoped->sameAs($this->target)) {
-            $options['to_profile'] =  $this->profile;
+            $options['to_profile'] =  $this->target;
         }
 
         return $options;
     }
 }
-
-// We don't show the author for a profile, since we already know who it is!
-
-/**
- * Slightly modified from standard list; the author & avatar are hidden
- * in CSS. We used to remove them here too, but as it turns out that
- * confuses the inline reply code... and we hide them in CSS anyway
- * since realtime updates come through in original form.
- *
- * Remaining customization right now is for the repeat marker, where
- * it'll list who the original poster was instead of who did the repeat
- * (since the repeater is you, and the repeatee isn't shown!)
- * This will remain inconsistent if realtime updates come through,
- * since those'll get rendered as a regular NoticeListItem.
- */
-class ProfileNoticeList extends NoticeList
-{
-    function newListItem($notice)
-    {
-        return new ProfileNoticeListItem($notice, $this->out);
-    }
-}
-
-class ProfileNoticeListItem extends DoFollowListItem
-{
-    /**
-     * show a link to the author of repeat
-     *
-     * @return void
-     */
-    function showRepeat()
-    {
-        if (!empty($this->repeat)) {
-
-            // FIXME: this code is almost identical to default; need to refactor
-
-            $attrs = array('href' => $this->profile->profileurl,
-                           'class' => 'url');
-
-            if (!empty($this->profile->fullname)) {
-                $attrs['title'] = $this->profile->getFancyName();
-            }
-
-            $this->out->elementStart('span', 'repeat');
-
-            $text_link = XMLStringer::estring('a', $attrs, $this->profile->nickname);
-
-            // TRANS: Link to the author of a repeated notice. %s is a linked nickname.
-            $this->out->raw(sprintf(_('Repeat of %s'), $text_link));
-
-            $this->out->elementEnd('span');
-        }
-    }
-}

actions/silence.php

@@ -27,9 +27,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Silence a user.
@@ -42,45 +40,11 @@ if (!defined('STATUSNET')) {
  */
 class SilenceAction extends ProfileFormAction
 {
-    /**
-     * Check parameters
-     *
-     * @param array $args action arguments (URL, GET, POST)
-     *
-     * @return boolean success flag
-     */
-    function prepare($args)
-    {
-        if (!parent::prepare($args)) {
-            return false;
-        }
-
-        $cur = common_current_user();
-
-        assert(!empty($cur)); // checked by parent
-
-        if (!$cur->hasRight(Right::SILENCEUSER)) {
-            // TRANS: Client error displayed trying to silence a user on a site where the feature is not enabled.
-            $this->clientError(_('You cannot silence users on this site.'));
-        }
-
-        assert(!empty($this->profile)); // checked by parent
-
-        if ($this->profile->isSilenced()) {
-            // TRANS: Client error displayed trying to silence an already silenced user.
-            $this->clientError(_('User is already silenced.'));
-        }
-
-        return true;
-    }
-
-    /**
-     * Silence a user.
-     *
-     * @return void
-     */
     function handlePost()
     {
-        $this->profile->silence();
+        assert($this->scoped instanceof Profile);
+        assert($this->profile instanceof Profile);
+
+        $this->profile->silenceAs($this->scoped);
     }
 }

actions/sitenoticeadminpanel.php

@@ -27,11 +27,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
 
 /**
  * Update the site-wide notice text
@@ -114,13 +110,9 @@ class SitenoticeadminpanelAction extends AdminPanelAction
         }
 
         // scrub HTML input
-
+        require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
-        $config = array(
+        $purifier = new HTMLPurifier();
-            'safe' => 1,
+        $siteNotice = $purifier->purify($siteNotice);
-            'deny_attribute' => 'id,style,on*'
-        );
-
-        $siteNotice = htmLawed($siteNotice, $config);
     }
 }
 

actions/smssettings.php

@@ -27,9 +27,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Settings for SMS
@@ -45,6 +43,14 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
 
 class SmssettingsAction extends SettingsAction
 {
+    protected function doPreparation()
+    {
+        if (!common_config('sms', 'enabled')) {
+            // TRANS: Message given in the SMS settings if SMS is not enabled on the site.
+            throw new ServerException(_('SMS is not available.'));
+        }
+    }
+
     /**
      * Title of the page
      *
@@ -86,14 +92,7 @@ class SmssettingsAction extends SettingsAction
      */
     function showContent()
     {
-        if (!common_config('sms', 'enabled')) {
+        $user = $this->scoped->getUser();
-            $this->element('div', array('class' => 'error'),
-                           // TRANS: Message given in the SMS settings if SMS is not enabled on the site.
-                           _('SMS is not available.'));
-            return;
-        }
-
-        $user = common_current_user();
 
         $this->elementStart('form', array('method' => 'post',
                                           'id' => 'form_settings_sms',
@@ -118,8 +117,8 @@ class SmssettingsAction extends SettingsAction
             // TRANS: Button label to remove a confirmed SMS address.
             $this->submit('remove', _m('BUTTON','Remove'));
         } else {
+            try {
                 $confirm = $this->getConfirmation();
-            if ($confirm) {
                 $carrier = Sms_carrier::getKV($confirm->address_extra);
                 $this->element('p', 'form_unconfirmed',
                                $confirm->address . ' (' . $carrier->name . ')');
@@ -141,7 +140,7 @@ class SmssettingsAction extends SettingsAction
                 $this->elementEnd('ul');
                 // TRANS: Button label to confirm SMS confirmation code in SMS settings.
                 $this->submit('confirm', _m('BUTTON','Confirm'));
-            } else {
+            } catch (NoResultException $e) {
                 $this->elementStart('ul', 'form_data');
                 $this->elementStart('li');
                 // TRANS: Field label for SMS phone number input in SMS settings form.
@@ -216,60 +215,38 @@ class SmssettingsAction extends SettingsAction
      */
     function getConfirmation()
     {
-        $user = common_current_user();
-
         $confirm = new Confirm_address();
 
-        $confirm->user_id      = $user->id;
+        $confirm->user_id      = $this->scoped->getID();
         $confirm->address_type = 'sms';
 
         if ($confirm->find(true)) {
             return $confirm;
-        } else {
-            return null;
-        }
         }
 
-    /**
+        throw new NoResultException($confirm);
-     * Handle posts to this form
+    }
-     *
+
-     * Based on the button that was pressed, muxes out to other functions
+    protected function doPost()
-     * to do the actual task requested.
-     *
-     * All sub-functions reload the form with a message -- success or failure.
-     *
-     * @return void
-     */
-    function handlePost()
     {
-        // CSRF protection
-
-        $token = $this->trimmed('token');
-        if (!$token || $token != common_session_token()) {
-            // TRANS: Client error displayed when the session token does not match or is not given.
-            $this->showForm(_('There was a problem with your session token. '.
-                              'Try again, please.'));
-            return;
-        }
 
         if ($this->arg('save')) {
-            $this->savePreferences();
+            return $this->savePreferences();
         } else if ($this->arg('add')) {
-            $this->addAddress();
+            return $this->addAddress();
         } else if ($this->arg('cancel')) {
-            $this->cancelConfirmation();
+            return $this->cancelConfirmation();
         } else if ($this->arg('remove')) {
-            $this->removeAddress();
+            return $this->removeAddress();
         } else if ($this->arg('removeincoming')) {
-            $this->removeIncoming();
+            return $this->removeIncoming();
         } else if ($this->arg('newincoming')) {
-            $this->newIncoming();
+            return $this->newIncoming();
         } else if ($this->arg('confirm')) {
-            $this->confirmCode();
+            return $this->confirmCode();
-        } else {
-            // TRANS: Message given submitting a form with an unknown action in SMS settings.
-            $this->showForm(_('Unexpected form submission.'));
         }
+        // TRANS: Message given submitting a form with an unknown action in SMS settings.
+        throw new ClientException(_('Unexpected form submission.'));
     }
 
     /**
@@ -281,30 +258,26 @@ class SmssettingsAction extends SettingsAction
      */
     function savePreferences()
     {
-        $smsnotify = $this->boolean('smsnotify');
+        $user = $this->scoped->getUser();
-
-        $user = common_current_user();
-
-        assert(!is_null($user)); // should already be checked
 
         $user->query('BEGIN');
 
         $original = clone($user);
 
-        $user->smsnotify = $smsnotify;
+        $user->smsnotify = $this->boolean('smsnotify');
 
         $result = $user->update($original);
 
         if ($result === false) {
             common_log_db_error($user, 'UPDATE', __FILE__);
             // TRANS: Server error thrown on database error updating SMS preferences.
-            $this->serverError(_('Could not update user.'));
+            throw new ServerException(_('Could not update user.'));
         }
 
         $user->query('COMMIT');
 
         // TRANS: Confirmation message for successful SMS preferences save.
-        $this->showForm(_('SMS preferences saved.'), true);
+        return _('SMS preferences saved.');
     }
 
     /**
@@ -324,28 +297,24 @@ class SmssettingsAction extends SettingsAction
 
         // Some validation
 
-        if (!$sms) {
+        if (empty($sms)) {
             // TRANS: Message given saving SMS phone number without having provided one.
-            $this->showForm(_('No phone number.'));
+            throw new ClientException(_('No phone number.'));
-            return;
         }
 
-        if (!$carrier_id) {
+        if (empty($carrier_id)) {
             // TRANS: Message given saving SMS phone number without having selected a carrier.
-            $this->showForm(_('No carrier selected.'));
+            throw new ClientException(_('No carrier selected.'));
-            return;
         }
 
         $sms = common_canonical_sms($sms);
 
-        if ($user->sms == $sms) {
+        if ($user->sms === $sms) {
             // TRANS: Message given saving SMS phone number that is already set.
-            $this->showForm(_('That is already your phone number.'));
+            throw new AlreadyFulfilledException(_('That is already your phone number.'));
-            return;
         } else if ($this->smsExists($sms)) {
             // TRANS: Message given saving SMS phone number that is already set for another user.
-            $this->showForm(_('That phone number already belongs to another user.'));
+            throw new ClientException(_('That phone number already belongs to another user.'));
-            return;
         }
 
         $confirm = new Confirm_address();
@@ -353,7 +322,7 @@ class SmssettingsAction extends SettingsAction
         $confirm->address       = $sms;
         $confirm->address_extra = $carrier_id;
         $confirm->address_type  = 'sms';
-        $confirm->user_id       = $user->id;
+        $confirm->user_id       = $this->scoped->getID();
         $confirm->code          = common_confirmation_code(40);
 
         $result = $confirm->insert();
@@ -371,11 +340,9 @@ class SmssettingsAction extends SettingsAction
                          $carrier->toEmailAddress($sms));
 
         // TRANS: Message given saving valid SMS phone number that is to be confirmed.
-        $msg = _('A confirmation code was sent to the phone number you added. '.
+        return _('A confirmation code was sent to the phone number you added. '.
                  'Check your phone for the code and instructions '.
                  'on how to use it.');
-
-        $this->showForm($msg, true);
     }
 
     /**
@@ -390,29 +357,27 @@ class SmssettingsAction extends SettingsAction
         $sms     = $this->trimmed('sms');
         $carrier = $this->trimmed('carrier');
 
+        try {
             $confirm = $this->getConfirmation();
-
-        if (!$confirm) {
-            // TRANS: Message given canceling SMS phone number confirmation that is not pending.
-            $this->showForm(_('No pending confirmation to cancel.'));
-            return;
-        }
             if ($confirm->address != $sms) {
                 // TRANS: Message given canceling SMS phone number confirmation for the wrong phone number.
-            $this->showForm(_('That is the wrong confirmation number.'));
+                throw new ClientException(_('That is the wrong confirmation number.'));
-            return;
+            }
+        } catch (NoResultException $e) {
+            // TRANS: Message given canceling SMS phone number confirmation that is not pending.
+            throw new AlreadyFulfilledException(_('No pending confirmation to cancel.'));
         }
 
         $result = $confirm->delete();
 
-        if (!$result) {
+        if ($result === false) {
             common_log_db_error($confirm, 'DELETE', __FILE__);
             // TRANS: Server error thrown on database error canceling SMS phone number confirmation.
-            $this->serverError(_('Could not delete SMS confirmation.'));
+            throw new ServerException(_('Could not delete SMS confirmation.'));
         }
 
         // TRANS: Message given after successfully canceling SMS phone number confirmation.
-        $this->showForm(_('SMS confirmation cancelled.'), true);
+        return _('SMS confirmation cancelled.');
     }
 
     /**
@@ -422,7 +387,7 @@ class SmssettingsAction extends SettingsAction
      */
     function removeAddress()
     {
-        $user = common_current_user();
+        $user = $this->scoped->getUser();
 
         $sms     = $this->arg('sms');
         $carrier = $this->arg('carrier');
@@ -432,8 +397,7 @@ class SmssettingsAction extends SettingsAction
         if ($user->sms != $sms) {
             // TRANS: Message given trying to remove an SMS phone number that is not
             // TRANS: registered for the active user.
-            $this->showForm(_('That is not your phone number.'));
+            throw new ClientException(_('That is not your phone number.'));
-            return;
         }
 
         $original = clone($user);
@@ -446,7 +410,7 @@ class SmssettingsAction extends SettingsAction
         $user->updateWithKeys($original);
 
         // TRANS: Message given after successfully removing a registered SMS phone number.
-        $this->showForm(_('The SMS phone number was removed.'), true);
+        return _('The SMS phone number was removed.');
     }
 
     /**
@@ -460,15 +424,13 @@ class SmssettingsAction extends SettingsAction
      */
     function smsExists($sms)
     {
-        $user = common_current_user();
-
         $other = User::getKV('sms', $sms);
 
-        if (!$other) {
+        if (!$other instanceof User) {
             return false;
-        } else {
-            return $other->id != $user->id;
         }
+
+        return !$this->scoped->sameAs($other->getProfile());
     }
 
     /**
@@ -519,15 +481,12 @@ class SmssettingsAction extends SettingsAction
     {
         $code = $this->trimmed('code');
 
-        if (!$code) {
+        if (empty($code)) {
             // TRANS: Message given saving SMS phone number confirmation code without having provided one.
-            $this->showForm(_('No code entered.'));
+            throw new ClientException(_('No code entered.'));
-            return;
         }
 
-        common_redirect(common_local_url('confirmaddress',
+        common_redirect(common_local_url('confirmaddress', array('code' => $code)), 303);
-                                         array('code' => $code)),
-                        303);
     }
 
     /**
@@ -541,8 +500,7 @@ class SmssettingsAction extends SettingsAction
 
         if (!$user->incomingemail) {
             // TRANS: Form validation error displayed when trying to remove an incoming e-mail address while no address has been set.
-            $this->showForm(_('No incoming email address.'));
+            throw new ClientException(_('No incoming email address.'));
-            return;
         }
 
         $orig = clone($user);
@@ -553,7 +511,7 @@ class SmssettingsAction extends SettingsAction
         $user->updateWithKeys($orig);
 
         // TRANS: Confirmation text after updating SMS settings.
-        $this->showForm(_('Incoming email address removed.'), true);
+        return _('Incoming email address removed.');
     }
 
     /**
@@ -565,7 +523,7 @@ class SmssettingsAction extends SettingsAction
      */
     function newIncoming()
     {
-        $user = common_current_user();
+        $user = $this->scoped->getUser();
 
         $orig = clone($user);
 
@@ -575,6 +533,6 @@ class SmssettingsAction extends SettingsAction
         $user->updateWithKeys($orig);
 
         // TRANS: Confirmation text after updating SMS settings.
-        $this->showForm(_('New incoming email address added.'), true);
+        return _('New incoming email address added.');
     }
 }

actions/startpage.php

@@ -1,26 +0,0 @@
-<?php
-/**
- * Startpage action. Decides what to show on the first page.
- */
-
-if (!defined('GNUSOCIAL')) { exit(1); }
-
-class StartpageAction extends ManagedAction
-{
-    function isReadOnly($args)
-    {
-        return true;
-    }
-
-    function showPage()
-    {
-        if (common_config('singleuser', 'enabled')) {
-            $user = User::singleUser();
-            common_redirect(common_local_url('showstream', array('nickname' => $user->nickname)), 303);
-        } elseif (common_config('public', 'localonly')) {
-            common_redirect(common_local_url('public'), 303);
-        } else {
-            common_redirect(common_local_url('networkpublic'), 303);
-        }
-    }
-}

actions/subqueue.php

@@ -27,11 +27,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
-
-require_once(INSTALLDIR.'/lib/profilelist.php');
 
 /**
  * List of group members
@@ -50,9 +46,9 @@ class SubqueueAction extends GalleryAction
     {
         parent::prepare($args);
 
-        if ($this->scoped->id != $this->target->id) {
+        if (!$this->target->sameAs($this->scoped)) {
             // TRANS: Client error displayed when trying to approve group applicants without being a group administrator.
-            $this->clientError(_('You may only approve your own pending subscriptions.'));
+            throw new ClientException(_('You may only approve your own pending subscriptions.'));
         }
         return true;
     }
@@ -88,47 +84,21 @@ class SubqueueAction extends GalleryAction
 
         $cnt = 0;
 
-        $members = $this->target->getRequests($offset, $limit);
+        try {
-
+            $subqueue = $this->target->getRequests($offset, $limit);
-        if ($members) {
+        } catch (NoResultException $e) {
-            // @fixme change!
+            // TRANS: If no pending subscription requests are found
-            $member_list = new SubQueueList($members, $this);
+            $this->element('div', null, _m('You have no pending subscription requests.'));
-            $cnt = $member_list->show();
+            return;
         }
 
-        $members->free();
+        $list = new SubQueueList($subqueue, $this);
+        $cnt = $list->show();
+
+        $subqueue->free();
 
         $this->pagination($this->page > 1, $cnt > PROFILES_PER_PAGE,
                           $this->page, 'subqueue',
                           array('nickname' => $this->target->getNickname())); // urgh
     }
 }
-
-class SubQueueList extends ProfileList
-{
-    function newListItem($profile)
-    {
-        return new SubQueueListItem($profile, $this->action);
-    }
-}
-
-class SubQueueListItem extends ProfileListItem
-{
-    function showActions()
-    {
-        $this->startActions();
-        if (Event::handle('StartProfileListItemActionElements', array($this))) {
-            $this->showApproveButtons();
-            Event::handle('EndProfileListItemActionElements', array($this));
-        }
-        $this->endActions();
-    }
-
-    function showApproveButtons()
-    {
-        $this->out->elementStart('li', 'entity_approval');
-        $form = new ApproveSubForm($this->out, $this->profile);
-        $form->show();
-        $this->out->elementEnd('li');
-    }
-}

actions/subscribe.php

@@ -122,7 +122,7 @@ class SubscribeAction extends Action
     {
         // Throws exception on error
 
-        $sub = Subscription::start($this->user->getProfile(),
+        $sub = Subscription::ensureStart($this->user->getProfile(),
                                    $this->other);
 
         if ($this->boolean('ajax')) {

actions/subscribers.php

@@ -132,64 +132,3 @@ class SubscribersAction extends GalleryAction
         parent::showSections();
     }
 }
-
-class SubscribersList extends SubscriptionList
-{
-    function newListItem($profile)
-    {
-        return new SubscribersListItem($profile, $this->owner, $this->action);
-    }
-}
-
-class SubscribersListItem extends SubscriptionListItem
-{
-    function showActions()
-    {
-        $this->startActions();
-        if (Event::handle('StartProfileListItemActionElements', array($this))) {
-            $this->showSubscribeButton();
-            // Relevant code!
-            $this->showBlockForm();
-            Event::handle('EndProfileListItemActionElements', array($this));
-        }
-        $this->endActions();
-    }
-
-    function showBlockForm()
-    {
-        $user = common_current_user();
-
-        if (!empty($user) && $this->owner->id == $user->id) {
-            $returnto = array('action' => 'subscribers',
-                              'nickname' => $this->owner->getNickname());
-            $page = $this->out->arg('page');
-            if ($page) {
-                $returnto['param-page'] = $page;
-            }
-            $bf = new BlockForm($this->out, $this->profile, $returnto);
-            $bf->show();
-        }
-    }
-
-    function linkAttributes()
-    {
-        $aAttrs = parent::linkAttributes();
-
-        if (common_config('nofollow', 'subscribers')) {
-            $aAttrs['rel'] .= ' nofollow';
-        }
-
-        return $aAttrs;
-    }
-
-    function homepageAttributes()
-    {
-        $aAttrs = parent::linkAttributes();
-
-        if (common_config('nofollow', 'subscribers')) {
-            $aAttrs['rel'] = 'nofollow';
-        }
-
-        return $aAttrs;
-    }
-}

actions/subscriptions.php

@@ -28,9 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * A list of the user's subscriptions
@@ -60,7 +58,7 @@ class SubscriptionsAction extends GalleryAction
 
     function showPageNotice()
     {
-        if ($this->scoped instanceof Profile && $this->scoped->id === $this->target->id) {
+        if ($this->scoped instanceof Profile && $this->scoped->sameAs($this->getTarget())) {
             $this->element('p', null,
                            // TRANS: Page notice for page with an overview of all subscriptions
                            // TRANS: of the logged in user's own profile.
@@ -156,71 +154,3 @@ class SubscriptionsAction extends GalleryAction
                                       $this->target->getNickname())));
     }
 }
-
-// XXX SubscriptionsList and SubscriptionList are dangerously close
-
-class SubscriptionsList extends SubscriptionList
-{
-    function newListItem($profile)
-    {
-        return new SubscriptionsListItem($profile, $this->owner, $this->action);
-    }
-}
-
-class SubscriptionsListItem extends SubscriptionListItem
-{
-    function showOwnerControls()
-    {
-        $sub = Subscription::pkeyGet(array('subscriber' => $this->owner->id,
-                                           'subscribed' => $this->profile->id));
-        if (!$sub) {
-            return;
-        }
-
-        $transports = array();
-        Event::handle('GetImTransports', array(&$transports));
-        if (!$transports && !common_config('sms', 'enabled')) {
-            return;
-        }
-
-        $this->out->elementStart('form', array('id' => 'subedit-' . $this->profile->id,
-                                          'method' => 'post',
-                                          'class' => 'form_subscription_edit',
-                                          'action' => common_local_url('subedit')));
-        $this->out->hidden('token', common_session_token());
-        $this->out->hidden('profile', $this->profile->id);
-        if ($transports) {
-            $attrs = array('name' => 'jabber',
-                           'type' => 'checkbox',
-                           'class' => 'checkbox',
-                           'id' => 'jabber-'.$this->profile->id);
-            if ($sub->jabber) {
-                $attrs['checked'] = 'checked';
-            }
-
-            $this->out->element('input', $attrs);
-            // TRANS: Checkbox label for enabling IM messages for a profile in a subscriptions list.
-            $this->out->element('label', array('for' => 'jabber-'.$this->profile->id), _m('LABEL','IM'));
-        } else {
-            $this->out->hidden('jabber', $sub->jabber);
-        }
-        if (common_config('sms', 'enabled')) {
-            $attrs = array('name' => 'sms',
-                           'type' => 'checkbox',
-                           'class' => 'checkbox',
-                           'id' => 'sms-'.$this->profile->id);
-            if ($sub->sms) {
-                $attrs['checked'] = 'checked';
-            }
-
-            $this->out->element('input', $attrs);
-            // TRANS: Checkbox label for enabling SMS messages for a profile in a subscriptions list.
-            $this->out->element('label', array('for' => 'sms-'.$this->profile->id), _('SMS'));
-        } else {
-            $this->out->hidden('sms', $sub->sms);
-        }
-        // TRANS: Save button for settings for a profile in a subscriptions list.
-        $this->out->submit('save', _m('BUTTON','Save'));
-        $this->out->elementEnd('form');
-    }
-}

actions/tag.php

@@ -46,7 +46,8 @@ class TagAction extends ManagedAction
 
         common_set_returnto($this->selfUrl());
 
-        $this->notice = Notice_tag::getStream($this->tag, (($this->page-1)*NOTICES_PER_PAGE), NOTICES_PER_PAGE + 1);
+        $this->notice = Notice_tag::getStream($this->tag)->getNotices(($this->page-1)*NOTICES_PER_PAGE,
+                                                                       NOTICES_PER_PAGE + 1);
 
         if($this->page > 1 && $this->notice->N == 0){
             // TRANS: Client error when page not found (404).

actions/tagprofile.php

@@ -19,9 +19,6 @@
 
 if (!defined('GNUSOCIAL')) { exit(1); }
 
-require_once INSTALLDIR . '/lib/settingsaction.php';
-require_once INSTALLDIR . '/lib/peopletags.php';
-
 class TagprofileAction extends FormAction
 {
     var $error = null;
@@ -29,36 +26,32 @@ class TagprofileAction extends FormAction
     protected $target = null;
     protected $form = 'TagProfile';
 
-    protected function prepare(array $args=array())
+    protected function doPreparation()
     {
-        parent::prepare($args);
-
         $id = $this->trimmed('id');
-        if (!$id) {
+        $uri = $this->trimmed('uri');
-            $this->target = null;
+        if (!empty($id))  {
-        } else {
             $this->target = Profile::getKV('id', $id);
 
             if (!$this->target instanceof Profile) {
                 // TRANS: Client error displayed when referring to non-existing profile ID.
                 $this->clientError(_('No profile with that ID.'));
             }
+        } elseif (!empty($uri)) {
+            $this->target = Profile::fromUri($uri);
+        } else {
+            // TRANS: Client error displayed when trying to tag a user but no ID or profile is provided.
+            $this->clientError(_('No profile identifier provided.'));
         }
 
-        if ($this->target instanceof Profile && !$this->scoped->canTag($this->target)) {
+        if (!$this->scoped->canTag($this->target)) {
             // TRANS: Client error displayed when trying to tag a user that cannot be tagged.
             $this->clientError(_('You cannot tag this user.'));
         }
 
-        return true;
+        $this->formOpts = $this->target;
-    }
 
-    protected function handle()
+        return true;
-    {
-        if (Event::handle('StartTagProfileAction', array($this, $this->target))) {
-            parent::handle();
-            Event::handle('EndTagProfileAction', array($this, $this->target));
-        }
     }
 
     function title()
@@ -72,6 +65,15 @@ class TagprofileAction extends FormAction
         return sprintf(_m('ADDTOLIST','List %s'), $this->target->getNickname());
     }
 
+    function showPage()
+    {
+        // Only serve page content if we aren't POSTing via ajax
+        // otherwise, we serve XML content from doPost()
+        if (!$this->isPost() || !$this->boolean('ajax')) {
+            parent::showPage();
+        }
+    }
+
     function showContent()
     {
         $this->elementStart('div', 'entity_profile h-card');
@@ -115,17 +117,8 @@ class TagprofileAction extends FormAction
         }
     }
 
-    protected function getForm()
+    protected function doPost()
     {
-        $class = $this->form.'Form';
-        $form = new $class($this, $this->target);
-        return $form;
-    }
-
-    protected function handlePost()
-    {
-        parent::handlePost();   // Does nothing for now
-
         $tagstring = $this->trimmed('tags');
         $token = $this->trimmed('token');
 
@@ -144,22 +137,16 @@ class TagprofileAction extends FormAction
                     if (!common_valid_profile_tag($tag)) {
                         // TRANS: Form validation error displayed if a given tag is invalid.
                         // TRANS: %s is the invalid tag.
-                        $this->showForm(sprintf(_('Invalid tag: "%s".'), $tag));
+                        throw new ClientException(sprintf(_('Invalid tag: "%s".'), $tag));
-                        return;
                     }
 
                     $tag_priv[$tag] = $private;
                 }
             }
 
-            try {
+            $result = Profile_tag::setTags($this->scoped->getID(), $this->target->getID(), $tags, $tag_priv);
-                $result = Profile_tag::setTags($this->scoped->id, $this->target->id, $tags, $tag_priv);
             if (!$result) {
-                    throw new Exception('The tags could not be saved.');
+                throw new ServerException('The tags could not be saved.');
-                }
-            } catch (Exception $e) {
-                $this->showForm($e->getMessage());
-                return false;
             }
 
             if ($this->boolean('ajax')) {
@@ -188,17 +175,4 @@ class TagprofileAction extends FormAction
             Event::handle('EndSavePeopletags', array($this, $tagstring));
         }
     }
-
-    function showPageNotice()
-    {
-        if ($this->error) {
-            $this->element('p', 'error', $this->error);
-        } else {
-            $this->elementStart('div', 'instructions');
-            $this->element('p', null,
-                           // TRANS: Page notice.
-                           _('Use this form to add your subscribers or subscriptions to lists.'));
-            $this->elementEnd('div');
-        }
-    }
 }

actions/tagrss.php

@@ -17,42 +17,28 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
+if (!defined('GNUSOCIAL')) { exit(1); }
-
-require_once(INSTALLDIR.'/lib/rssaction.php');
 
 // Formatting of RSS handled by Rss10Action
+
 class TagrssAction extends Rss10Action
 {
-    var $tag;
+    protected $tag;
 
-    function prepare($args) {
+    protected function doStreamPreparation()
-        parent::prepare($args);
+    {
         $tag = common_canonical_tag($this->trimmed('tag'));
         $this->tag = Notice_tag::getKV('tag', $tag);
-        if (!$this->tag) {
+        if (!$this->tag instanceof Notice_tag) {
             // TRANS: Client error when requesting a tag feed for a non-existing tag.
             $this->clientError(_('No such tag.'));
-        } else {
-            $this->notices = $this->getNotices($this->limit);
-            return true;
         }
     }
 
-    function getNotices($limit=0)
+    protected function getNotices()
     {
-        $tag = $this->tag;
+        $stream = Notice_tag::getStream($this->tag->tag)->getNotices(0, $this->limit);
-
+        return $stream->fetchAll();
-        if (is_null($tag)) {
-            return null;
-        }
-
-        $notice = Notice_tag::getStream($tag->tag, 0, ($limit == 0) ? NOTICES_PER_PAGE : $limit);
-        while ($notice->fetch()) {
-            $notices[] = clone($notice);
-        }
-
-        return $notices;
     }
 
     function getChannel()

actions/top.php

@@ -20,67 +20,29 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  *
- * @category  Top
- * @package   StatusNet
- * @author    Evan Prodromou <evan@status.net>
- * @copyright 2010 StatusNet, Inc.
- * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
- * @link      http://status.net/
- */
-
-if (!defined('STATUSNET')) {
-    // This check helps protect against security problems;
-    // your code file can't be executed directly from the web.
-    exit(1);
-}
-
-/**
- * An action to redirect to the top of the site
- *
  * @category  Action
- * @package   StatusNet
+ * @package   GNUsocial
  * @author    Evan Prodromou <evan@status.net>
+ * @author    Mikael Nordfeldth <mmn@hethane.se>
  * @copyright 2010 StatusNet, Inc.
- * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
+ * @copyright 2015 Free Software Foundation, Inc.
- * @link      http://status.net/
+ * @license   https://www.gnu.org/licenses/agpl-3.0.html AGPL 3.0
+ * @link      https://gnu.io/social
  */
 
-class TopAction extends Action
+if (!defined('GNUSOCIAL')) { exit(1); }
+
+class TopAction extends ManagedAction
 {
-    /**
+    public function showPage()
-     * For initializing members of the class.
-     *
-     * @param array $argarray misc. arguments
-     *
-     * @return boolean true
-     */
-
-    function prepare($argarray)
-    {
-        parent::prepare($argarray);
-        return true;
-    }
-
-    /**
-     * Handler method
-     *
-     * @param array $argarray is ignored since it's now passed in in prepare()
-     *
-     * @return void
-     */
-
-    function handle($argarray=null)
     {
         if (common_config('singleuser', 'enabled')) {
-            $url = common_local_url('showstream', array('nickname' => User::singleUserNickname()));
+            $user = User::singleUser();
+            common_redirect(common_local_url('showstream', array('nickname' => $user->getNickname())), 303);
+        } elseif (common_config('public', 'localonly')) {
+            common_redirect(common_local_url('public'), 303);
         } else {
-            $url = common_local_url('public');
+            common_redirect(common_local_url('networkpublic'), 303);
-        }
+        }
-
-        // XXX: Permanent? I think so.
-
-        common_redirect($url, 301);
-
-        return;
     }
 }

actions/unsilence.php

@@ -27,12 +27,10 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
- * Silence a user.
+ * Unsilence a user.
  *
  * @category Action
  * @package  StatusNet
@@ -42,45 +40,11 @@ if (!defined('STATUSNET')) {
  */
 class UnsilenceAction extends ProfileFormAction
 {
-    /**
-     * Check parameters
-     *
-     * @param array $args action arguments (URL, GET, POST)
-     *
-     * @return boolean success flag
-     */
-    function prepare($args)
-    {
-        if (!parent::prepare($args)) {
-            return false;
-        }
-
-        $cur = common_current_user();
-
-        assert(!empty($cur)); // checked by parent
-
-        if (!$cur->hasRight(Right::SILENCEUSER)) {
-            // TRANS: Client error on page to unsilence a user when the feature is not enabled.
-            $this->clientError(_('You cannot silence users on this site.'));
-        }
-
-        assert(!empty($this->profile)); // checked by parent
-
-        if (!$this->profile->isSilenced()) {
-            // TRANS: Client error on page to unsilence a user when the to be unsilenced user has not been silenced.
-            $this->clientError(_('User is not silenced.'));
-        }
-
-        return true;
-    }
-
-    /**
-     * Silence a user.
-     *
-     * @return void
-     */
     function handlePost()
     {
-        $this->profile->unsilence();
+        assert($this->scoped instanceof Profile);
+        assert($this->profile instanceof Profile);
+
+        $this->profile->unsilenceAs($this->scoped);
     }
 }

actions/urlsettings.php

@@ -28,9 +28,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Miscellaneous settings actions
@@ -83,7 +81,7 @@ class UrlsettingsAction extends SettingsAction
      */
     function showContent()
     {
-        $user = common_current_user();
+        $user = $this->scoped->getUser();
 
         $this->elementStart('form', array('method' => 'post',
                                           'id' => 'form_settings_other',
@@ -154,31 +152,13 @@ class UrlsettingsAction extends SettingsAction
         $this->elementEnd('form');
     }
 
-    /**
+    protected function doPost()
-     * Handle a post
-     *
-     * Saves the changes to url-shortening prefs and shows a success or failure
-     * message.
-     *
-     * @return void
-     */
-    function handlePost()
     {
-        // CSRF protection
-        $token = $this->trimmed('token');
-        if (!$token || $token != common_session_token()) {
-            // TRANS: Client error displayed when the session token does not match or is not given.
-            $this->showForm(_('There was a problem with your session token. '.
-                              'Try again, please.'));
-            return;
-        }
-
         $urlshorteningservice = $this->trimmed('urlshorteningservice');
 
         if (!is_null($urlshorteningservice) && strlen($urlshorteningservice) > 50) {
             // TRANS: Form validation error for form "Other settings" in user profile.
-            $this->showForm(_('URL shortening service is too long (maximum 50 characters).'));
+            throw new ClientException(_('URL shortening service is too long (maximum 50 characters).'));
-            return;
         }
 
         $maxurllength = $this->trimmed('maxurllength');
@@ -195,9 +175,7 @@ class UrlsettingsAction extends SettingsAction
             throw new ClientException(_('Invalid number for maximum notice length.'));
         }
 
-        $user = common_current_user();
+        $user = $this->scoped->getUser();
-
-        assert(!is_null($user)); // should already be checked
 
         $user->query('BEGIN');
 
@@ -209,14 +187,15 @@ class UrlsettingsAction extends SettingsAction
 
         if ($result === false) {
             common_log_db_error($user, 'UPDATE', __FILE__);
+            $user->query('ROLLBACK');
             // TRANS: Server error displayed when "Other" settings in user profile could not be updated on the server.
-            $this->serverError(_('Could not update user.'));
+            throw new ServerException(_('Could not update user.'));
         }
 
         $prefs = User_urlshortener_prefs::getPrefs($user);
         $orig  = null;
 
-        if (empty($prefs)) {
+        if (!$prefs instanceof User_urlshortener_prefs) {
             $prefs = new User_urlshortener_prefs();
 
             $prefs->user_id = $user->id;
@@ -229,13 +208,14 @@ class UrlsettingsAction extends SettingsAction
         $prefs->maxurllength         = $maxurllength;
         $prefs->maxnoticelength      = $maxnoticelength;
 
-        if (!empty($orig)) {
+        if ($orig instanceof User_urlshortener_prefs) {
             $result = $prefs->update($orig);
         } else {
             $result = $prefs->insert();
         }
 
-        if (!$result) {
+        if ($result === null) {
+            $user->query('ROLLBACK');
             // TRANS: Server exception thrown in profile URL settings when preferences could not be saved.
             throw new ServerException(_('Error saving user URL shortening preferences.'));
         }
@@ -243,6 +223,6 @@ class UrlsettingsAction extends SettingsAction
         $user->query('COMMIT');
 
         // TRANS: Confirmation message after saving preferences.
-        $this->showForm(_('Preferences saved.'), true);
+        return _('Preferences saved.');
     }
 }

actions/userbyid.php

@@ -28,9 +28,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * User by ID action class.
@@ -42,50 +40,27 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
  * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
  * @link     http://status.net/
  */
-class UserbyidAction extends Action
+class UserbyidAction extends ShowstreamAction
 {
-     /**
+    protected function doPreparation()
-     * Is read only?
-     *
-     * @return boolean true
-     */
-    function isReadOnly($args)
     {
-        return true;
+        // accessing by ID just requires an ID, not a nickname
-    }
+        $this->target = Profile::getByID($this->trimmed('id'));
-
-     /**
-     * Class handler.
-     *
-     * @param array $args array of arguments
-     *
-     * @return nothing
-     */
-    protected function handle()
-    {
-        parent::handle();
-        $id = $this->trimmed('id');
-        if (!$id) {
-            // TRANS: Client error displayed trying to find a user by ID without providing an ID.
-            $this->clientError(_('No ID.'));
-        }
-        $user = User::getKV($id);
-        if (!$user) {
-            // TRANS: Client error displayed trying to find a user by ID for a non-existing ID.
-            $this->clientError(_('No such user.'));
-        }
 
+        // For local users when accessed by id number, redirect with
+        // the nickname as argument instead of id.
+        if ($this->target->isLocal()) {
             // Support redirecting to FOAF rdf/xml if the agent prefers it...
             // Internet Explorer doesn't specify "text/html" and does list "*/*"
             // at least through version 8. We need to list text/html up front to
             // ensure that only user-agents who specifically ask for RDF get it.
             $page_prefs = 'text/html,application/xhtml+xml,application/rdf+xml,application/xml;q=0.3,text/xml;q=0.2';
-        $httpaccept = isset($_SERVER['HTTP_ACCEPT'])
+            $httpaccept = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : null;
-                      ? $_SERVER['HTTP_ACCEPT'] : null;
             $type       = common_negotiate_type(common_accept_to_prefs($httpaccept),
                                                 common_accept_to_prefs($page_prefs));
-        $page       = $type == 'application/rdf+xml' ? 'foaf' : 'showstream';
+            $page       = $type === 'application/rdf+xml' ? 'foaf' : 'showstream';
-        $url        = common_local_url($page, array('nickname' => $user->nickname));
+            $url        = common_local_url($page, array('nickname' => $this->target->getNickname()));
             common_redirect($url, 303);
         }
     }
+}

actions/usergroups.php

@@ -52,46 +52,71 @@ class UsergroupsAction extends GalleryAction
         if ($this->page == 1) {
             // TRANS: Page title for first page of groups for a user.
             // TRANS: %s is a nickname.
-            return sprintf(_('%s groups'), $this->user->nickname);
+            return sprintf(_('%s groups'), $this->getTarget()->getNickname());
         } else {
             // TRANS: Page title for all but the first page of groups for a user.
             // TRANS: %1$s is a nickname, %2$d is a page number.
             return sprintf(_('%1$s groups, page %2$d'),
-                           $this->user->nickname,
+                           $this->getTarget()->getNickname(),
                            $this->page);
         }
     }
 
+    function showPageNotice()
+    {
+        if ($this->scoped instanceof Profile && $this->scoped->sameAs($this->getTarget())) {
+            $this->element('p', 'instructions',
+                           // TRANS: Page notice for page with an overview of all subscribed groups
+                           // TRANS: of the logged in user's own profile.
+                           _('These are the groups whose notices '.
+                             'you listen to.'));
+        } else {
+            $this->element('p', 'instructions',
+                           // TRANS: Page notice for page with an overview of all groups a user other
+                           // TRANS: than the logged in user. %s is the user nickname.
+                           sprintf(_('These are the groups whose '.
+                                     'notices %s listens to.'),
+                                   $this->target->getNickname()));
+        }
+    }
+
     function showContent()
     {
-        $this->elementStart('p', array('id' => 'new_group'));
+        if ($this->scoped instanceof Profile && $this->scoped->sameAs($this->getTarget())) {
-        $this->element('a', array('href' => common_local_url('newgroup'),
+	  $notice =
-                                  'class' => 'more'),
+          // TRANS: Page notice of user's groups page.
-                       // TRANS: Link text on group page to create a new group.
+          // TRANS: %%%%action.groupsearch%%%% and %%%%action.newgroup%%%% are URLs. Do not change them.
-                       _('Create a new group'));
+          // TRANS: This message contains Markdown links in the form [link text](link).
-        $this->elementEnd('p');
+          sprintf(_('Groups let you find and talk with ' .
-
+		    'people of similar interests. ' .
-        $this->elementStart('p', array('id' => 'group_search'));
+		    'You can [search for groups](%%%%action.groups%%%%) in your instance or ' .
-        $this->element('a', array('href' => common_local_url('groupsearch'),
+                    '[create a new group](%%%%action.newgroup%%%%). ' .
-                                  'class' => 'more'),
+		    'You can also follow groups ' .
-                       // TRANS: Link text on group page to search for groups.
+		    'from other GNU social instances: click on the remote button below ' .
-                       _('Search for more groups'));
+		    'and copy the group\'s link. ' .
-        $this->elementEnd('p');
+		    'You can find a list of GNU social groups [here](http://skilledtests.com/wiki/List_of_federated_GNU_social_groups)' .
+		    ''));
+	  $this->elementStart('div', 'instructions');
+	  $this->raw(common_markup_to_html($notice));
+	  $this->elementEnd('div');
+	}
 
         if (Event::handle('StartShowUserGroupsContent', array($this))) {
             $offset = ($this->page-1) * GROUPS_PER_PAGE;
             $limit =  GROUPS_PER_PAGE + 1;
 
-            $groups = $this->user->getGroups($offset, $limit);
+            $groups = $this->getTarget()->getGroups($offset, $limit);
 
             if ($groups instanceof User_group) {
-                $gl = new GroupList($groups, $this->user, $this);
+                $gl = new GroupList($groups, $this->getTarget(), $this);
                 $cnt = $gl->show();
+		if (0 == $cnt) {
+		  $this->showEmptyListMessage();
+		} else {
 		  $this->pagination($this->page > 1, $cnt > GROUPS_PER_PAGE,
 				    $this->page, 'usergroups',
-                              array('nickname' => $this->user->nickname));
+				    array('nickname' => $this->getTarget()->getNickname()));
-            } else {
+		}
-                $this->showEmptyListMessage();
             }
 
             Event::handle('EndShowUserGroupsContent', array($this));
@@ -102,14 +127,14 @@ class UsergroupsAction extends GalleryAction
     {
         // TRANS: Text on group page for a user that is not a member of any group.
         // TRANS: %s is a user nickname.
-        $message = sprintf(_('%s is not a member of any group.'), $this->user->nickname) . ' ';
+        $message = sprintf(_('%s is not a member of any group.'), $this->getTarget()->getNickname()) . ' ';
-
         if (common_logged_in()) {
-            $current_user = common_current_user();
+            if ($this->scoped->sameAs($this->getTarget())) {
-            if ($this->user->id === $current_user->id) {
                 // TRANS: Text on group page for a user that is not a member of any group. This message contains
                 // TRANS: a Markdown link in the form [link text](link) and a variable that should not be changed.
-                $message .= _('Try [searching for groups](%%action.groupsearch%%) and joining them.');
+	        $message = _('You are not member of any group yet. After you join a group ' .
+			     'you can send messages to its members using the ' .
+			     'syntax "!groupname".');
             }
 	}
         $this->elementStart('div', 'guide');
@@ -119,7 +144,7 @@ class UsergroupsAction extends GalleryAction
 
     function showProfileBlock()
     {
-        $block = new AccountProfileBlock($this, $this->profile);
+        $block = new AccountProfileBlock($this, $this->getTarget());
         $block->show();
     }
 }

actions/userrss.php

@@ -17,100 +17,54 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
+if (!defined('GNUSOCIAL')) { exit(1); }
-
-require_once(INSTALLDIR.'/lib/rssaction.php');
 
 // Formatting of RSS handled by Rss10Action
 
-class UserrssAction extends Rss10Action
+class UserrssAction extends TargetedRss10Action
 {
-    var $tag  = null;
+    protected $tag = null;
 
-    function prepare($args)
+    protected function doStreamPreparation()
     {
-        parent::prepare($args);
+        parent::doStreamPreparation();
-        $nickname   = $this->trimmed('nickname');
+
-        $this->user = User::getKV('nickname', $nickname);
         $this->tag  = $this->trimmed('tag');
-
-        if (!$this->user) {
-            // TRANS: Client error displayed when user not found for an action.
-            $this->clientError(_('No such user.'));
     }
 
+    protected function getNotices()
+    {
         if (!empty($this->tag)) {
-            $this->notices = $this->getTaggedNotices();
+            $stream = $this->getTarget()->getTaggedNotices($this->tag, 0, $this->limit);
-        } else {
+            return $stream->fetchAll();
-            $this->notices = $this->getNotices();
         }
+        // otherwise we fetch a normal user stream
 
-        return true;
+        $stream = $this->getTarget()->getNotices(0, $this->limit);
-    }
+        return $stream->fetchAll();
-
-    function getTaggedNotices()
-    {
-        $notice = $this->user->getTaggedNotices(
-            $this->tag,
-            0,
-            ($this->limit == 0) ? NOTICES_PER_PAGE : $this->limit,
-            0,
-            0
-        );
-
-        $notices = array();
-        while ($notice->fetch()) {
-            $notices[] = clone($notice);
-        }
-
-        return $notices;
-    }
-
-
-    function getNotices()
-    {
-        $notice = $this->user->getNotices(
-            0,
-            ($this->limit == 0) ? NOTICES_PER_PAGE : $this->limit
-        );
-
-        $notices = array();
-        while ($notice->fetch()) {
-            $notices[] = clone($notice);
-        }
-
-        return $notices;
     }
 
     function getChannel()
     {
-        $user = $this->user;
-        $profile = $user->getProfile();
         $c = array('url' => common_local_url('userrss',
                                              array('nickname' =>
-                                                   $user->nickname)),
+                                                   $this->target->getNickname())),
                    // TRANS: Message is used as link title. %s is a user nickname.
-                   'title' => sprintf(_('%s timeline'), $user->nickname),
+                   'title' => sprintf(_('%s timeline'), $this->target->getNickname()),
-                   'link' => $profile->profileurl,
+                   'link' => $this->target->getUrl(),
                    // TRANS: Message is used as link description. %1$s is a username, %2$s is a site name.
                    'description' => sprintf(_('Updates from %1$s on %2$s!'),
-                                            $user->nickname, common_config('site', 'name')));
+                                            $this->target->getNickname(), common_config('site', 'name')));
         return $c;
     }
 
-    function getImage()
-    {
-        $profile = $this->user->getProfile();
-        return $profile->avatarUrl(AVATAR_PROFILE_SIZE);
-    }
-
     // override parent to add X-SUP-ID URL
 
-    function initRss($limit=0)
+    function initRss()
     {
-        $url = common_local_url('sup', null, null, $this->user->id);
+        $url = common_local_url('sup', null, null, $this->target->getID());
         header('X-SUP-ID: '.$url);
-        parent::initRss($limit);
+        parent::initRss();
     }
 
     function isReadOnly($args)

classes/Attention.php

@@ -22,7 +22,7 @@ class Attention extends Managed_DataObject
     public $__table = 'attention';  // table name
     public $notice_id;              // int(4) primary_key not_null
     public $profile_id;             // int(4) primary_key not_null
-    public $reason;                 // varchar(255)
+    public $reason;                 // varchar(191)   not 255 because utf8mb4 takes more space
     public $created;                // datetime()   not_null
     public $modified;               // timestamp   not_null default_CURRENT_TIMESTAMP
 
@@ -33,7 +33,7 @@ class Attention extends Managed_DataObject
             'fields' => array(
                 'notice_id' => array('type' => 'int', 'not null' => true, 'description' => 'notice_id to give attention'),
                 'profile_id' => array('type' => 'int', 'not null' => true, 'description' => 'profile_id for feed receiver'),
-                'reason' => array('type' => 'varchar', 'length' => 255, 'description' => 'Optional reason why this was brought to the attention of profile_id'),
+                'reason' => array('type' => 'varchar', 'length' => 191, 'description' => 'Optional reason why this was brought to the attention of profile_id'),
                 'created' => array('type' => 'datetime', 'not null' => true, 'description' => 'date this record was created'),
                 'modified' => array('type' => 'timestamp', 'not null' => true, 'description' => 'date this record was modified'),
             ),
@@ -49,18 +49,23 @@ class Attention extends Managed_DataObject
         );
     }
 
-    public static function saveNew(Notice $notice, Profile $profile, $reason=null)
+    public static function saveNew(Notice $notice, Profile $target, $reason=null)
     {
+        try {
+            $att = Attention::getByKeys(['notice_id'=>$notice->getID(), 'profile_id'=>$target->getID()]);
+            throw new AlreadyFulfilledException('Attention already exists with reason: '.var_export($att->reason,true));
+        } catch (NoResultException $e) {
             $att = new Attention();
         
             $att->notice_id = $notice->getID();
-        $att->profile_id = $profile->getID();
+            $att->profile_id = $target->getID();
             $att->reason = $reason;
             $att->created = common_sql_now();
             $result = $att->insert();
 
             if ($result === false) {
-            throw new Exception('Could not saveNew in Attention');
+                throw new Exception('Failed Attention::saveNew for notice id=='.$notice->getID().' target id=='.$target->getID().', reason=="'.$reason.'"');
+            }
         }
         return $att;
     }

classes/Avatar.php

@@ -1,28 +1,23 @@
 <?php
+
+if (!defined('GNUSOCIAL')) { exit(1); }
+
 /**
  * Table Definition for avatar
  */
-require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
 
 class Avatar extends Managed_DataObject
 {
-    ###START_AUTOCODE
-    /* the code below is auto generated do not remove the above tag */
-
     public $__table = 'avatar';                          // table name
     public $profile_id;                      // int(4)  primary_key not_null
     public $original;                        // tinyint(1)
     public $width;                           // int(4)  primary_key not_null
     public $height;                          // int(4)  primary_key not_null
     public $mediatype;                       // varchar(32)   not_null
-    public $filename;                        // varchar(255)
+    public $filename;                        // varchar(191)   not 255 because utf8mb4 takes more space
-    public $url;                             // varchar(255)  unique_key
     public $created;                         // datetime()   not_null
     public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
 	
-    /* the code above is auto generated do not remove the tag below */
-    ###END_AUTOCODE
-	
     public static function schemaDef()
     {
         return array(
@@ -32,14 +27,13 @@ class Avatar extends Managed_DataObject
                 'width' => array('type' => 'int', 'not null' => true, 'description' => 'image width'),
                 'height' => array('type' => 'int', 'not null' => true, 'description' => 'image height'),
                 'mediatype' => array('type' => 'varchar', 'length' => 32, 'not null' => true, 'description' => 'file type'),
-                'filename' => array('type' => 'varchar', 'length' => 255, 'description' => 'local filename, if local'),
+                'filename' => array('type' => 'varchar', 'length' => 191, 'description' => 'local filename, if local'),
-                'url' => array('type' => 'varchar', 'length' => 255, 'description' => 'avatar location'),
                 'created' => array('type' => 'datetime', 'not null' => true, 'description' => 'date this record was created'),
                 'modified' => array('type' => 'timestamp', 'not null' => true, 'description' => 'date this record was modified'),
             ),
             'primary key' => array('profile_id', 'width', 'height'),
             'unique keys' => array(
-                'avatar_url_key' => array('url'),
+//                'avatar_filename_key' => array('filename'),
             ),
             'foreign keys' => array(
                 'avatar_profile_id_fkey' => array('profile', array('profile_id' => 'id')),
@@ -193,16 +187,7 @@ class Avatar extends Managed_DataObject
             $server = common_config('site', 'server');
         }
 
-        $ssl = common_config('avatar', 'ssl');
+        $ssl = (common_config('avatar', 'ssl') || GNUsocial::useHTTPS());
-
-        if (is_null($ssl)) { // null -> guess
-            if (common_config('site', 'ssl') == 'always' &&
-                !common_config('avatar', 'server')) {
-                $ssl = true;
-            } else {
-                $ssl = false;
-            }
-        }
 
         $protocol = ($ssl) ? 'https' : 'http';
 
@@ -211,12 +196,7 @@ class Avatar extends Managed_DataObject
 
     function displayUrl()
     {
-        $server = common_config('avatar', 'server');
-        if ($server && !empty($this->filename)) {
         return Avatar::url($this->filename);
-        } else {
-            return $this->url;
-        }
     }
 
     static function urlByProfile(Profile $target, $width=null, $height=null) {
@@ -241,17 +221,21 @@ class Avatar extends Managed_DataObject
             // TRANS: An error message when avatar size is unreasonable
             throw new Exception(_m('Avatar size too large'));
         }
+        // So far we only have square avatars and I don't have time to
+        // rewrite support for non-square ones right now ;)
+        $height = $width;
 
         $original = Avatar::getUploaded($target);
 
-        $imagefile = new ImageFile($target->id, Avatar::path($original->filename));
+        $imagefile = new ImageFile(null, Avatar::path($original->filename));
-        $filename = $imagefile->resize($width);
+        $filename = Avatar::filename($target->getID(), image_type_to_extension($imagefile->preferredType()),
+                                     $width, common_timestamp());
+        $imagefile->resizeTo(Avatar::path($filename), array('width'=>$width, 'height'=>$height));
 
         $scaled = clone($original);
         $scaled->original = false;
         $scaled->width = $width;
-        $scaled->height = $width;
+        $scaled->height = $height;
-        $scaled->url = Avatar::url($filename);
         $scaled->filename = $filename;
         $scaled->created = common_sql_now();
 

classes/Config.php

@@ -17,16 +17,12 @@
  * along with this program.     If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('STATUSNET')) {
+if (!defined('GNUSOCIAL')) { exit(1); }
-    exit(1);
-}
 
 /**
  * Table Definition for config
  */
 
-require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
-
 class Config extends Managed_DataObject
 {
     ###START_AUTOCODE
@@ -35,7 +31,7 @@ class Config extends Managed_DataObject
     public $__table = 'config';                          // table name
     public $section;                         // varchar(32)  primary_key not_null
     public $setting;                         // varchar(32)  primary_key not_null
-    public $value;                           // varchar(255)
+    public $value;                           // text
 
     /* the code above is auto generated do not remove the tag below */
     ###END_AUTOCODE
@@ -46,7 +42,7 @@ class Config extends Managed_DataObject
             'fields' => array(
                 'section' => array('type' => 'varchar', 'length' => 32, 'not null' => true, 'default' => '', 'description' => 'configuration section'),
                 'setting' => array('type' => 'varchar', 'length' => 32, 'not null' => true, 'default' => '', 'description' => 'configuration setting'),
-                'value' => array('type' => 'varchar', 'length' => 255, 'description' => 'configuration value'),
+                'value' => array('type' => 'text', 'description' => 'configuration value'),
             ),
             'primary key' => array('section', 'setting'),
         );

classes/Confirm_address.php

@@ -2,34 +2,27 @@
 /**
  * Table Definition for confirm_address
  */
-require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
 
 class Confirm_address extends Managed_DataObject 
 {
-    ###START_AUTOCODE
-    /* the code below is auto generated do not remove the above tag */
-
     public $__table = 'confirm_address';                 // table name
     public $code;                            // varchar(32)  primary_key not_null
     public $user_id;                         // int(4)   not_null
-    public $address;                         // varchar(255)   not_null
+    public $address;                         // varchar(191)   not_null   not 255 because utf8mb4 takes more space
-    public $address_extra;                   // varchar(255)   not_null
+    public $address_extra;                   // varchar(191)   not_null   not 255 because utf8mb4 takes more space
     public $address_type;                    // varchar(8)   not_null
     public $claimed;                         // datetime()  
     public $sent;                            // datetime()  
     public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
 
-    /* the code above is auto generated do not remove the tag below */
-    ###END_AUTOCODE
-
     public static function schemaDef()
     {
         return array(
             'fields' => array(
                 'code' => array('type' => 'varchar', 'length' => 32, 'not null' => true, 'description' => 'good random code'),
                 'user_id' => array('type' => 'int', 'not null' => true, 'description' => 'user who requested confirmation'),
-                'address' => array('type' => 'varchar', 'length' => 255, 'not null' => true, 'description' => 'address (email, xmpp, SMS, etc.)'),
+                'address' => array('type' => 'varchar', 'length' => 191, 'not null' => true, 'description' => 'address (email, xmpp, SMS, etc.)'),
-                'address_extra' => array('type' => 'varchar', 'length' => 255, 'not null' => true, 'description' => 'carrier ID, for SMS'),
+                'address_extra' => array('type' => 'varchar', 'length' => 191, 'description' => 'carrier ID, for SMS'),
                 'address_type' => array('type' => 'varchar', 'length' => 8, 'not null' => true, 'description' => 'address type ("email", "xmpp", "sms")'),
                 'claimed' => array('type' => 'datetime', 'description' => 'date this was claimed for queueing'),
                 'sent' => array('type' => 'datetime', 'description' => 'date this was sent for queueing'),

classes/Consumer.php

@@ -10,8 +10,8 @@ class Consumer extends Managed_DataObject
     /* the code below is auto generated do not remove the above tag */
 
     public $__table = 'consumer';                        // table name
-    public $consumer_key;                    // varchar(255)  primary_key not_null
+    public $consumer_key;                    // varchar(191)  primary_key not_null   not 255 because utf8mb4 takes more space
-    public $consumer_secret;                 // varchar(255)   not_null
+    public $consumer_secret;                 // varchar(191)   not_null   not 255 because utf8mb4 takes more space
     public $seed;                            // char(32)   not_null
     public $created;                         // datetime   not_null
     public $modified;                        // timestamp   not_null default_CURRENT_TIMESTAMP
@@ -24,8 +24,8 @@ class Consumer extends Managed_DataObject
         return array(
             'description' => 'OAuth consumer record',
             'fields' => array(
-                'consumer_key' => array('type' => 'varchar', 'length' => 255, 'not null' => true, 'description' => 'unique identifier, root URL'),
+                'consumer_key' => array('type' => 'varchar', 'length' => 191, 'not null' => true, 'description' => 'unique identifier, root URL'),
-                'consumer_secret' => array('type' => 'varchar', 'length' => 255, 'not null' => true, 'description' => 'secret value'),
+                'consumer_secret' => array('type' => 'varchar', 'length' => 191, 'not null' => true, 'description' => 'secret value'),
                 'seed' => array('type' => 'char', 'length' => 32, 'not null' => true, 'description' => 'seed for new tokens by this consumer'),
 
                 'created' => array('type' => 'datetime', 'not null' => true, 'description' => 'date this record was created'),

classes/Conversation.php

@@ -34,8 +34,8 @@ if (!defined('GNUSOCIAL')) { exit(1); }
 class Conversation extends Managed_DataObject
 {
     public $__table = 'conversation';        // table name
-    public $id;                              // int(4)  primary_key not_null
+    public $id;                              // int(4)  primary_key not_null auto_increment
-    public $uri;                             // varchar(255)  unique_key
+    public $uri;                             // varchar(191)  unique_key   not 255 because utf8mb4 takes more space
     public $created;                         // datetime   not_null
     public $modified;                        // timestamp   not_null default_CURRENT_TIMESTAMP
 
@@ -43,8 +43,8 @@ class Conversation extends Managed_DataObject
     {
         return array(
             'fields' => array(
-                'id' => array('type' => 'int', 'not null' => true, 'description' => 'should be set from root notice id (since 2014-03-01 commit)'),
+                'id' => array('type' => 'serial', 'not null' => true, 'description' => 'Unique identifier, (again) unrelated to notice id since 2016-01-06'),
-                'uri' => array('type' => 'varchar', 'not null'=>true, 'length' => 255, 'description' => 'URI of the conversation'),
+                'uri' => array('type' => 'varchar', 'not null'=>true, 'length' => 191, 'description' => 'URI of the conversation'),
                 'created' => array('type' => 'datetime', 'not null' => true, 'description' => 'date this record was created'),
                 'modified' => array('type' => 'timestamp', 'not null' => true, 'description' => 'date this record was modified'),
             ),
@@ -55,6 +55,32 @@ class Conversation extends Managed_DataObject
         );
     }
 
+    static public function beforeSchemaUpdate()
+    {
+        $table = strtolower(get_called_class());
+        $schema = Schema::get();
+        $schemadef = $schema->getTableDef($table);
+
+        // 2016-01-06 We have to make sure there is no conversation with id==0 since it will screw up auto increment resequencing
+        if ($schemadef['fields']['id']['auto_increment']) {
+            // since we already have auto incrementing ('serial') we can continue
+            return;
+        }
+
+        // The conversation will be recreated in upgrade.php, which will
+        // generate a new URI, but that's collateral damage for you.
+        $conv = new Conversation();
+        $conv->id = 0;
+        if ($conv->find()) {
+            while ($conv->fetch()) {
+                // Since we have filtered on 0 this only deletes such entries
+                // which I have been afraid wouldn't work, but apparently does!
+                // (I thought it would act as null or something and find _all_ conversation entries)
+                $conv->delete();
+            }
+        }
+    }
+
     /**
      * Factory method for creating a new conversation.
      *
@@ -63,25 +89,17 @@ class Conversation extends Managed_DataObject
      *
      * @return Conversation the new conversation DO
      */
-    static function create(Notice $notice, $uri=null)
+    static function create($uri=null, $created=null)
     {
-        if (empty($notice->id)) {
+        // Be aware that the Notice does not have an id yet since it's not inserted!
-            throw new ServerException(_('Tried to create conversation for not yet inserted notice'));
-        }
         $conv = new Conversation();
-        $conv->created = common_sql_now();
+        $conv->created = $created ?: common_sql_now();
-        $conv->id = $notice->id;
+        $conv->uri = $uri ?: sprintf('%s%s=%s:%s=%s',
-        $conv->uri = $uri ?: sprintf('%s%s=%d:%s=%s:%s=%x',
                              TagURI::mint(),
-                             'noticeId', $notice->id,
                              'objectType', 'thread',
-                             'crc32', crc32($notice->content));
+                             'nonce', common_random_hexstr(8));
-        $result = $conv->insert();
+        // This insert throws exceptions on failure
-
+        $conv->insert();
-        if ($result === false) {
-            common_log_db_error($conv, 'INSERT', __FILE__);
-            throw new ServerException(_('Failed to create conversation for notice'));
-        }
 
         return $conv;
     }
@@ -108,8 +126,8 @@ class Conversation extends Managed_DataObject
 
     static public function getUrlFromNotice(Notice $notice, $anchor=true)
     {
-        $conv = self::getKV('id', $notice->conversation);
+        $conv = Conversation::getByID($notice->conversation);
-        return $conv->getUrl($anchor ? $notice->id : null);
+        return $conv->getUrl($anchor ? $notice->getID() : null);
     }
 
     public function getUri()
@@ -120,18 +138,25 @@ class Conversation extends Managed_DataObject
     public function getUrl($noticeId=null)
     {
         // FIXME: the URL router should take notice-id as an argument...
-        return common_local_url('conversation', array('id' => $this->id)) .
+        return common_local_url('conversation', array('id' => $this->getID())) .
                 ($noticeId===null ? '' : "#notice-{$noticeId}");
     }
 
     // FIXME: ...will 500 ever be too low? Taken from ConversationAction::MAX_NOTICES
-    public function getNotices($offset=0, $limit=500, Profile $scoped=null)
+    public function getNotices(Profile $scoped=null, $offset=0, $limit=500)
     {
-        if ($scoped === null) {
+        $stream = new ConversationNoticeStream($this->getID(), $scoped);
-            $scoped = Profile::current();
-        }
-        $stream = new ConversationNoticeStream($this->id, $scoped);
         $notices = $stream->getNotices($offset, $limit);
         return $notices;
     }
+
+    public function insert()
+    {
+        $result = parent::insert();
+        if ($result === false) {
+            common_log_db_error($this, 'INSERT', __FILE__);
+            throw new ServerException(_('Failed to insert Conversation into database'));
+        }
+        return $result;
+    }
 }

classes/Deleted_notice.php

@@ -1,63 +0,0 @@
-<?php
-/*
- * Laconica - a distributed open-source microblogging tool
- * Copyright (C) 2008, 2009, Control Yourself, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.     See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.     If not, see <http://www.gnu.org/licenses/>.
- */
-
-if (!defined('STATUSNET')) {
-    exit(1);
-}
-
-/**
- * Table Definition for notice
- */
-require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
-
-class Deleted_notice extends Managed_DataObject
-{
-    ###START_AUTOCODE
-    /* the code below is auto generated do not remove the above tag */
-
-    public $__table = 'deleted_notice';                  // table name
-    public $id;                              // int(4)  primary_key not_null
-    public $profile_id;                      // int(4)   not_null
-    public $uri;                             // varchar(255)  unique_key
-    public $created;                         // datetime()   not_null
-    public $deleted;                         // datetime()   not_null
-
-    /* the code above is auto generated do not remove the tag below */
-    ###END_AUTOCODE
-
-    public static function schemaDef()
-    {
-        return array(
-            'fields' => array(
-                'id' => array('type' => 'int', 'not null' => true, 'description' => 'identity of notice'),
-                'profile_id' => array('type' => 'int', 'not null' => true, 'description' => 'author of the notice'),
-                'uri' => array('type' => 'varchar', 'length' => 255, 'description' => 'universally unique identifier, usually a tag URI'),
-                'created' => array('type' => 'datetime', 'not null' => true, 'description' => 'date the notice record was created'),
-                'deleted' => array('type' => 'datetime', 'not null' => true, 'description' => 'date the notice record was created'),
-            ),
-            'primary key' => array('id'),
-            'unique keys' => array(
-                'deleted_notice_uri_key' => array('uri'),
-            ),
-            'indexes' => array(
-                'deleted_notice_profile_id_idx' => array('profile_id'),
-            ),
-        );
-    }
-}

classes/File.php

@@ -26,29 +26,36 @@ class File extends Managed_DataObject
 {
     public $__table = 'file';                            // table name
     public $id;                              // int(4)  primary_key not_null
-    public $url;                             // varchar(255)  unique_key
+    public $urlhash;                         // varchar(64)  unique_key
+    public $url;                             // text
+    public $filehash;                        // varchar(64)     indexed
     public $mimetype;                        // varchar(50)
     public $size;                            // int(4)
-    public $title;                           // varchar(255)
+    public $title;                           // text()
     public $date;                            // int(4)
     public $protected;                       // int(4)
-    public $filename;                        // varchar(255)
+    public $filename;                        // text()
     public $width;                           // int(4)
     public $height;                          // int(4)
     public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
 
+    const URLHASH_ALG = 'sha256';
+    const FILEHASH_ALG = 'sha256';
+
     public static function schemaDef()
     {
         return array(
             'fields' => array(
                 'id' => array('type' => 'serial', 'not null' => true),
-                'url' => array('type' => 'varchar', 'length' => 255, 'description' => 'destination URL after following redirections'),
+                'urlhash' => array('type' => 'varchar', 'length' => 64, 'not null' => true, 'description' => 'sha256 of destination URL (url field)'),
+                'url' => array('type' => 'text', 'description' => 'destination URL after following possible redirections'),
+                'filehash' => array('type' => 'varchar', 'length' => 64, 'not null' => false, 'description' => 'sha256 of the file contents, only for locally stored files of course'),
                 'mimetype' => array('type' => 'varchar', 'length' => 50, 'description' => 'mime type of resource'),
                 'size' => array('type' => 'int', 'description' => 'size of resource when available'),
-                'title' => array('type' => 'varchar', 'length' => 255, 'description' => 'title of resource when available'),
+                'title' => array('type' => 'text', 'description' => 'title of resource when available'),
                 'date' => array('type' => 'int', 'description' => 'date of resource according to http query'),
                 'protected' => array('type' => 'int', 'description' => 'true when URL is private (needs login)'),
-                'filename' => array('type' => 'varchar', 'length' => 255, 'description' => 'if a local file, name of the file'),
+                'filename' => array('type' => 'text', 'description' => 'if file is stored locally (too) this is the filename'),
                 'width' => array('type' => 'int', 'description' => 'width in pixels, if it can be described as such and data is available'),
                 'height' => array('type' => 'int', 'description' => 'height in pixels, if it can be described as such and data is available'),
 
@@ -56,13 +63,28 @@ class File extends Managed_DataObject
             ),
             'primary key' => array('id'),
             'unique keys' => array(
-                'file_url_key' => array('url'),
+                'file_urlhash_key' => array('urlhash'),
+            ),
+            'indexes' => array(
+                'file_filehash_idx' => array('filehash'),
             ),
         );
     }
 
-    function isProtected($url) {
+    public static function isProtected($url) {
-        return 'http://www.facebook.com/login.php' === $url;
+
+		$protected_urls_exps = array(
+			'https://www.facebook.com/login.php',
+        	common_path('main/login')
+        	);
+
+		foreach ($protected_urls_exps as $protected_url_exp) {
+			if (preg_match('!^'.preg_quote($protected_url_exp).'(.*)$!i', $url) === 1) {
+				return true;
+			}
+		}
+
+		return false;
     }
 
     /**
@@ -72,14 +94,18 @@ class File extends Managed_DataObject
      * @param string $given_url
      * @return File
      */
-    public static function saveNew(array $redir_data, $given_url) {
+    public static function saveNew(array $redir_data, $given_url)
-
+    {
-        // I don't know why we have to keep doing this but I'm adding this last check to avoid
+        $file = null;
+        try {
+            // I don't know why we have to keep doing this but we run a last check to avoid
             // uniqueness bugs.
+            $file = File::getByUrl($given_url);
+            return $file;
+        } catch (NoResultException $e) {
+            // We don't have the file's URL since before, so let's continue.
+        }
 
-        $file = File::getKV('url', $given_url);
-        
-        if (!$file instanceof File) {
         $file = new File;
         $file->url = $given_url;
         if (!empty($redir_data['protected'])) $file->protected = $redir_data['protected'];
@@ -87,12 +113,24 @@ class File extends Managed_DataObject
         if (!empty($redir_data['type'])) $file->mimetype = $redir_data['type'];
         if (!empty($redir_data['size'])) $file->size = intval($redir_data['size']);
         if (isset($redir_data['time']) && $redir_data['time'] > 0) $file->date = intval($redir_data['time']);
-            $file_id = $file->insert();
+        $file->saveFile();
+        return $file;
     }
 
-        Event::handle('EndFileSaveNew', array($file, $redir_data, $given_url));
+    public function saveFile() {
-        assert ($file instanceof File);
+        $this->urlhash = self::hashurl($this->url);
-        return $file;
+
+        if (!Event::handle('StartFileSaveNew', array(&$this))) {
+            throw new ServerException('File not saved due to an aborted StartFileSaveNew event.');
+        }
+
+        $this->id = $this->insert();
+
+        if ($this->id === false) {
+            throw new ServerException('File/URL metadata could not be saved to the database.');
+        }
+
+        Event::handle('EndFileSaveNew', array($this));
     }
 
     /**
@@ -103,16 +141,15 @@ class File extends Managed_DataObject
      * - optionally save a file_to_post record
      * - return the File object with the full reference
      *
-     * @fixme refactor this mess, it's gotten pretty scary.
      * @param string $given_url the URL we're looking at
-     * @param int $notice_id (optional)
+     * @param Notice $notice (optional)
      * @param bool $followRedirects defaults to true
      *
      * @return mixed File on success, -1 on some errors
      *
      * @throws ServerException on failure
      */
-    public static function processNew($given_url, $notice_id=null, $followRedirects=true) {
+    public static function processNew($given_url, Notice $notice=null, $followRedirects=true) {
         if (empty($given_url)) {
             throw new ServerException('No given URL to process');
         }
@@ -122,64 +159,18 @@ class File extends Managed_DataObject
             throw new ServerException('No canonical URL from given URL to process');
         }
 
-        $file = File::getKV('url', $given_url);
+        $redir = File_redirection::where($given_url);
-        if (!$file instanceof File) {
+        $file = $redir->getFile();
-            // First check if we have a lookup trace for this URL already
-            $file_redir = File_redirection::getKV('url', $given_url);
-            if ($file_redir instanceof File_redirection) {
-                $file = File::getKV('id', $file_redir->file_id);
-                if (!$file instanceof File) {
-                    // File did not exist, let's clean up the File_redirection entry
-                    $file_redir->delete();
-                }
-            }
 
-            // If we still don't have a File object, let's create one now!
+        if (!$file instanceof File || empty($file->id)) {
-            if (!$file instanceof File) {
+            // This should not happen
-                // @fixme for new URLs this also looks up non-redirect data
-                // such as target content type, size, etc, which we need
-                // for File::saveNew(); so we call it even if not following
-                // new redirects.
-                $redir_data = File_redirection::where($given_url);
-                if (is_array($redir_data)) {
-                    $redir_url = $redir_data['url'];
-                } elseif (is_string($redir_data)) {
-                    $redir_url = $redir_data;
-                    $redir_data = array();
-                } else {
-                    // TRANS: Server exception thrown when a URL cannot be processed.
-                    throw new ServerException(sprintf(_("Cannot process URL '%s'"), $given_url));
-                }
-
-                // TODO: max field length
-                if ($redir_url === $given_url || strlen($redir_url) > 255 || !$followRedirects) {
-                    // Save the File object based on our lookup trace
-                    $file = File::saveNew($redir_data, $given_url);
-                } else {
-                    // This seems kind of messed up... for now skipping this part
-                    // if we're already under a redirect, so we don't go into
-                    // horrible infinite loops if we've been given an unstable
-                    // redirect (where the final destination of the first request
-                    // doesn't match what we get when we ask for it again).
-                    //
-                    // Seen in the wild with clojure.org, which redirects through
-                    // wikispaces for auth and appends session data in the URL params.
-                    $file = self::processNew($redir_url, $notice_id, /*followRedirects*/false);
-                    File_redirection::saveNew($redir_data, $file->id, $given_url);
-                }
-            }
-
-            if (!$file instanceof File) {
-                // This should only happen if File::saveNew somehow did not return a File object,
-                // though we have an assert for that in case the event there might've gone wrong.
-                // If anything else goes wrong, there should've been an exception thrown.
             throw new ServerException('URL processing failed without new File object');
         }
+
+        if ($notice instanceof Notice) {
+            File_to_post::processNew($file, $notice);
         }
 
-        if (!empty($notice_id)) {
-            File_to_post::processNew($file->id, $notice_id);
-        }
         return $file;
     }
 
@@ -233,16 +224,20 @@ class File extends Managed_DataObject
         return true;
     }
 
+    public function getFilename()
+    {
+        if (!self::validFilename($this->filename)) {
+            // TRANS: Client exception thrown if a file upload does not have a valid name.
+            throw new ClientException(_("Invalid filename."));
+        }
+        return $this->filename;
+    }
+
     // where should the file go?
 
     static function filename(Profile $profile, $origname, $mimetype)
     {
-        try {
+        $ext = self::guessMimeExtension($mimetype);
-            $ext = common_supported_mime_to_ext($mimetype);
-        } catch (Exception $e) {
-            // We don't support this mimetype, but let's guess the extension
-            $ext = substr(strrchr($mimetype, '/'), 1);
-        }
 
         // Normalize and make the original filename more URL friendly.
         $origname = basename($origname, ".$ext");
@@ -263,6 +258,21 @@ class File extends Managed_DataObject
         return $filename;
     }
 
+    static function guessMimeExtension($mimetype)
+    {
+        try {
+            $ext = common_supported_mime_to_ext($mimetype);
+        } catch (Exception $e) {
+            // We don't support this mimetype, but let's guess the extension
+            $matches = array();
+            if (!preg_match('/\/([a-z0-9]+)/', mb_strtolower($mimetype), $matches)) {
+                throw new Exception('Malformed mimetype: '.$mimetype);
+            }
+            $ext = $matches[1];
+        }
+        return mb_strtolower($ext);
+    }
+
     /**
      * Validation for as-saved base filenames
      */
@@ -303,7 +313,7 @@ class File extends Managed_DataObject
 
         }
 
-        if (StatusNet::useHTTPS()) {
+        if (GNUsocial::useHTTPS()) {
 
             $sslserver = common_config('attachments', 'sslserver');
 
@@ -350,28 +360,48 @@ class File extends Managed_DataObject
         return $protocol.'://'.$server.$path.$filename;
     }
 
+    static $_enclosures = array();
+
     function getEnclosure(){
-        $enclosure = (object) array();
+        if (isset(self::$_enclosures[$this->getID()])) {
-        foreach (array('title', 'url', 'date', 'modified', 'size', 'mimetype') as $key) {
+            return self::$_enclosures[$this->getID()];
-            $enclosure->$key = $this->$key;
         }
 
-        $needMoreMetadataMimetypes = array(null, 'application/xhtml+xml');
+        $enclosure = (object) array();
+        foreach (array('title', 'url', 'date', 'modified', 'size', 'mimetype', 'width', 'height') as $key) {
+            if ($this->$key !== '') {
+                $enclosure->$key = $this->$key;
+            }
+        }
+
+        $needMoreMetadataMimetypes = array(null, 'application/xhtml+xml', 'text/html');
 
         if (!isset($this->filename) && in_array(common_bare_mime($enclosure->mimetype), $needMoreMetadataMimetypes)) {
             // This fetches enclosure metadata for non-local links with unset/HTML mimetypes,
             // which may be enriched through oEmbed or similar (implemented as plugins)
             Event::handle('FileEnclosureMetadata', array($this, &$enclosure));
         }
-        if (empty($enclosure->mimetype) || in_array(common_bare_mime($enclosure->mimetype), $needMoreMetadataMimetypes)) {
+        if (empty($enclosure->mimetype)) {
             // This means we either don't know what it is, so it can't
             // be shown as an enclosure, or it is an HTML link which
             // does not link to a resource with further metadata.
             throw new ServerException('Unknown enclosure mimetype, not enough metadata');
         }
+
+        self::$_enclosures[$this->getID()] = $enclosure;
         return $enclosure;
     }
 
+    public function hasThumbnail()
+    {
+        try {
+            $this->getThumbnail();
+        } catch (Exception $e) {
+            return false;
+        }
+        return true;
+    }
+
     /**
      * Get the attachment's thumbnail record, if any.
      * Make sure you supply proper 'int' typed variables (or null).
@@ -381,8 +411,12 @@ class File extends Managed_DataObject
      * @param $crop   bool  Crop to the max-values' aspect ratio
      *
      * @return File_thumbnail
+     *
+     * @throws UseFileAsThumbnailException  if the file is considered an image itself and should be itself as thumbnail
+     * @throws UnsupportedMediaException    if, despite trying, we can't understand how to make a thumbnail for this format
+     * @throws ServerException              on various other errors
      */
-    public function getThumbnail($width=null, $height=null, $crop=false, $force_still=true)
+    public function getThumbnail($width=null, $height=null, $crop=false, $force_still=true, $upscale=null)
     {
         // Get some more information about this file through our ImageFile class
         $image = ImageFile::fromFileObject($this);
@@ -394,99 +428,67 @@ class File extends Managed_DataObject
             }
         }
 
-        if ($width === null) {
+        return $image->getFileThumbnail($width, $height, $crop,
-            $width = common_config('thumbnail', 'width');
+                                        !is_null($upscale) ? $upscale : common_config('thumbnail', 'upscale'));
-            $height = common_config('thumbnail', 'height');
-            $crop = common_config('thumbnail', 'crop');
-        }
-
-        if ($height === null) {
-            $height = $width;
-            $crop = true;
-        }
-
-        // Get proper aspect ratio width and height before lookup
-        // We have to do it through an ImageFile object because of orientation etc.
-        // Only other solution would've been to rotate + rewrite uploaded files.
-        list($width, $height, $x, $y, $w, $h) =
-                                $image->scaleToFit($width, $height, $crop);
-
-        $params = array('file_id'=> $this->id,
-                        'width'  => $width,
-                        'height' => $height);
-        $thumb = File_thumbnail::pkeyGet($params);
-        if ($thumb instanceof File_thumbnail) {
-            return $thumb;
-        }
-
-        // throws exception on failure to generate thumbnail
-        $outname = "thumb-{$width}x{$height}-" . $image->filename;
-        $outpath = self::path($outname);
-
-        // The boundary box for our resizing
-        $box = array('width'=>$width, 'height'=>$height,
-                     'x'=>$x,         'y'=>$y,
-                     'w'=>$w,         'h'=>$h);
-
-        // Doublecheck that parameters are sane and integers.
-        if ($box['width'] < 1 || $box['width'] > common_config('thumbnail', 'maxsize')
-                || $box['height'] < 1 || $box['height'] > common_config('thumbnail', 'maxsize')
-                || $box['w'] < 1 || $box['x'] >= $image->width
-                || $box['h'] < 1 || $box['y'] >= $image->height) {
-            // Fail on bad width parameter. If this occurs, it's due to algorithm in ImageFile->scaleToFit
-            common_debug("Boundary box parameters for resize of {$image->filepath} : ".var_export($box,true));
-            throw new ServerException('Bad thumbnail size parameters.');
-        }
-
-        common_debug(sprintf('Generating a thumbnail of File id==%u of size %ux%u', $this->id, $width, $height));
-        // Perform resize and store into file
-        $image->resizeTo($outpath, $box);
-
-        // Avoid deleting the original
-        if ($image->getPath() != self::path($image->filename)) {
-            $image->unlink();
-        }
-        return File_thumbnail::saveThumbnail($this->id,
-                                      self::url($outname),
-                                      $width, $height,
-                                      $outname);
     }
 
     public function getPath()
     {
-        return self::path($this->filename);
+        $filepath = self::path($this->filename);
+        if (!file_exists($filepath)) {
+            throw new FileNotFoundException($filepath);
+        }
+        return $filepath;
     }
 
-    public function getUrl()
+    public function getUrl($prefer_local=true)
     {
-        if (!empty($this->filename)) {
+        if ($prefer_local && !empty($this->filename)) {
             // A locally stored file, so let's generate a URL for our instance.
-            $url = self::url($this->filename);
+            return self::url($this->filename);
-            if ($url != $this->url) {
-                // For indexing purposes, in case we do a lookup on the 'url' field.
-                // also we're fixing possible changes from http to https, or paths
-                $this->updateUrl($url);
-            }
-            return $url;
         }
 
         // No local filename available, return the URL we have stored
         return $this->url;
     }
 
+    static public function getByUrl($url)
+    {
+        $file = new File();
+        $file->urlhash = self::hashurl($url);
+        if (!$file->find(true)) {
+            throw new NoResultException($file);
+        }
+        return $file;
+    }
+
+    /**
+     * @param   string  $hashstr    String of (preferrably lower case) hexadecimal characters, same as result of 'hash_file(...)'
+     */
+    static public function getByHash($hashstr)
+    {
+        $file = new File();
+        $file->filehash = strtolower($hashstr);
+        if (!$file->find(true)) {
+            throw new NoResultException($file);
+        }
+        return $file;
+    }
+
     public function updateUrl($url)
     {
-        $file = File::getKV('url', $url);
+        $file = File::getKV('urlhash', self::hashurl($url));
         if ($file instanceof File) {
             throw new ServerException('URL already exists in DB');
         }
-        $sql = 'UPDATE %1$s SET url=%2$s WHERE url=%3$s;';
+        $sql = 'UPDATE %1$s SET urlhash=%2$s, url=%3$s WHERE urlhash=%4$s;';
-        $result = $this->query(sprintf($sql, $this->__table,
+        $result = $this->query(sprintf($sql, $this->tableName(),
+                                             $this->_quote((string)self::hashurl($url)),
                                              $this->_quote((string)$url),
-                                             $this->_quote((string)$this->url)));
+                                             $this->_quote((string)$this->urlhash)));
         if ($result === false) {
             common_log_db_error($this, 'UPDATE', __FILE__);
-            throw new ServerException("Could not UPDATE {$this->__table}.url");
+            throw new ServerException("Could not UPDATE {$this->tableName()}.url");
         }
 
         return $result;
@@ -502,9 +504,9 @@ class File extends Managed_DataObject
 
     function blowCache($last=false)
     {
-        self::blow('file:notice-ids:%s', $this->url);
+        self::blow('file:notice-ids:%s', $this->id);
         if ($last) {
-            self::blow('file:notice-ids:%s;last', $this->url);
+            self::blow('file:notice-ids:%s;last', $this->id);
         }
         self::blow('file:notice-count:%d', $this->id);
     }
@@ -570,6 +572,14 @@ class File extends Managed_DataObject
                     $thumbs->delete();
                 }
             }
+
+            $f2p = new File_to_post();
+            $f2p->file_id = $this->id;
+            if ($f2p->find()) {
+                while ($f2p->fetch()) {
+                    $f2p->delete();
+                }
+            }
         }
 
         // And finally remove the entry from the database
@@ -582,4 +592,87 @@ class File extends Managed_DataObject
 
         return $title ?: null;
     }
+
+    static public function hashurl($url)
+    {
+        if (empty($url)) {
+            throw new Exception('No URL provided to hash algorithm.');
+        }
+        return hash(self::URLHASH_ALG, $url);
+    }
+
+    static public function beforeSchemaUpdate()
+    {
+        $table = strtolower(get_called_class());
+        $schema = Schema::get();
+        $schemadef = $schema->getTableDef($table);
+
+        // 2015-02-19 We have to upgrade our table definitions to have the urlhash field populated
+        if (isset($schemadef['fields']['urlhash']) && isset($schemadef['unique keys']['file_urlhash_key'])) {
+            // We already have the urlhash field, so no need to migrate it.
+            return;
+        }
+        echo "\nFound old $table table, upgrading it to contain 'urlhash' field...";
+
+        $file = new File();
+        $file->query(sprintf('SELECT id, LEFT(url, 191) AS shortenedurl, COUNT(*) AS c FROM %1$s WHERE LENGTH(url)>191 GROUP BY shortenedurl HAVING c > 1', $schema->quoteIdentifier($table)));
+        print "\nFound {$file->N} URLs with too long entries in file table\n";
+        while ($file->fetch()) {
+            // We've got a URL that is too long for our future file table
+            // so we'll cut it. We could save the original URL, but there is
+            // no guarantee it is complete anyway since the previous max was 255 chars.
+            $dupfile = new File();
+            // First we find file entries that would be duplicates of this when shortened
+            // ... and we'll just throw the dupes out the window for now! It's already so borken.
+            $dupfile->query(sprintf('SELECT * FROM file WHERE LEFT(url, 191) = "%1$s"', $file->shortenedurl));
+            // Leave one of the URLs in the database by using ->find(true) (fetches first entry)
+            if ($dupfile->find(true)) {
+                print "\nShortening url entry for $table id: {$file->id} [";
+                $orig = clone($dupfile);
+                $dupfile->url = $file->shortenedurl;    // make sure it's only 191 chars from now on
+                $dupfile->update($orig);
+                print "\nDeleting duplicate entries of too long URL on $table id: {$file->id} [";
+                // only start deleting with this fetch.
+                while($dupfile->fetch()) {
+                    print ".";
+                    $dupfile->delete();
+                }
+                print "]\n";
+            } else {
+                print "\nWarning! URL suddenly disappeared from database: {$file->url}\n";
+            }
+        }
+        echo "...and now all the non-duplicates which are longer than 191 characters...\n";
+        $file->query('UPDATE file SET url=LEFT(url, 191) WHERE LENGTH(url)>191');
+
+        echo "\n...now running hacky pre-schemaupdate change for $table:";
+        // We have to create a urlhash that is _not_ the primary key,
+        // transfer data and THEN run checkSchema
+        $schemadef['fields']['urlhash'] = array (
+                                              'type' => 'varchar',
+                                              'length' => 64,
+                                              'not null' => false,  // this is because when adding column, all entries will _be_ NULL!
+                                              'description' => 'sha256 of destination URL (url field)',
+                                            );
+        $schemadef['fields']['url'] = array (
+                                              'type' => 'text',
+                                              'description' => 'destination URL after following possible redirections',
+                                            );
+        unset($schemadef['unique keys']);
+        $schema->ensureTable($table, $schemadef);
+        echo "DONE.\n";
+
+        $classname = ucfirst($table);
+        $tablefix = new $classname;
+        // urlhash is hash('sha256', $url) in the File table
+        echo "Updating urlhash fields in $table table...";
+        // Maybe very MySQL specific :(
+        $tablefix->query(sprintf('UPDATE %1$s SET %2$s=%3$s;',
+                            $schema->quoteIdentifier($table),
+                            'urlhash',
+                            // The line below is "result of sha256 on column `url`"
+                            'SHA2(url, 256)'));
+        echo "DONE.\n";
+        echo "Resuming core schema upgrade...";
+    }
 }

classes/File_redirection.php

@@ -29,7 +29,8 @@ class File_redirection extends Managed_DataObject
     /* the code below is auto generated do not remove the above tag */
 
     public $__table = 'file_redirection';                // table name
-    public $url;                             // varchar(255)  primary_key not_null
+    public $urlhash;                         // varchar(64) primary_key not_null
+    public $url;                             // text
     public $file_id;                         // int(4)
     public $redirections;                    // int(4)
     public $httpcode;                        // int(4)
@@ -38,29 +39,37 @@ class File_redirection extends Managed_DataObject
     /* the code above is auto generated do not remove the tag below */
     ###END_AUTOCODE
 
+    protected $file; /* Cache the associated file sometimes */
+
     public static function schemaDef()
     {
         return array(
             'fields' => array(
-                'url' => array('type' => 'varchar', 'length' => 255, 'not null' => true, 'description' => 'short URL (or any other kind of redirect) for file (id)'),
+                'urlhash' => array('type' => 'varchar', 'length' => 64, 'not null' => true, 'description' => 'sha256 hash of the URL'),
+                'url' => array('type' => 'text', 'description' => 'short URL (or any other kind of redirect) for file (id)'),
                 'file_id' => array('type' => 'int', 'description' => 'short URL for what URL/file'),
                 'redirections' => array('type' => 'int', 'description' => 'redirect count'),
                 'httpcode' => array('type' => 'int', 'description' => 'HTTP status code (20x, 30x, etc.)'),
                 'modified' => array('type' => 'timestamp', 'not null' => true, 'description' => 'date this record was modified'),
             ),
-            'primary key' => array('url'),
+            'primary key' => array('urlhash'),
             'foreign keys' => array(
                 'file_redirection_file_id_fkey' => array('file' => array('file_id' => 'id')),
             ),
         );
     }
 
+    static public function getByUrl($url)
+    {
+        return self::getByPK(array('urlhash' => File::hashurl($url)));
+    }
+
     static function _commonHttp($url, $redirs) {
         $request = new HTTPClient($url);
         $request->setConfig(array(
             'connect_timeout' => 10, // # seconds to wait
             'max_redirs' => $redirs, // # max number of http redirections to follow
-            'follow_redirects' => true, // Follow redirects
+            'follow_redirects' => false, // We follow redirects ourselves in lib/httpclient.php
             'store_body' => false, // We won't need body content here.
         ));
         return $request;
@@ -87,7 +96,7 @@ class File_redirection extends Managed_DataObject
      *                size (optional): byte size from Content-Length header
      *                time (optional): timestamp from Last-Modified header
      */
-    public function lookupWhere($short_url, $redirs = 10, $protected = false) {
+    static function lookupWhere($short_url, $redirs = 10, $protected = false) {
         if ($redirs < 0) return false;
 
         if(strpos($short_url,'://') === false){
@@ -111,6 +120,8 @@ class File_redirection extends Managed_DataObject
                 // no content it'll be cheap. :)
                 $request = self::_commonHttp($short_url, $redirs);
                 $response = $request->send();
+            } elseif (400 == $response->getStatus()) {
+                throw new Exception('Got error 400 on HEAD request, will not go further.');
             }
         } catch (Exception $e) {
             // Invalid URL or failure to reach server
@@ -118,14 +129,17 @@ class File_redirection extends Managed_DataObject
             return $short_url;
         }
         
-        if ($response->getRedirectCount() && File::isProtected($response->getUrl())) {
+		// if last url after all redirections is protected, 
-            // Bump back up the redirect chain until we find a non-protected URL
+		// use the url before it in the redirection chain
-            return self::lookupWhere($short_url, $response->getRedirectCount() - 1, true);
+        if ($response->getRedirectCount() && File::isProtected($response->getEffectiveUrl())) {
+			$return_url = $response->redirUrls[$response->getRedirectCount()-1];
+        } else {
+			$return_url = $response->getEffectiveUrl();
         }
 
         $ret = array('code' => $response->getStatus()
                 , 'redirects' => $response->getRedirectCount()
-                , 'url' => $response->getUrl());
+                , 'url' => $return_url);
 
         $type = $response->getHeader('Content-Type');
         if ($type) $ret['type'] = $type;
@@ -148,40 +162,70 @@ class File_redirection extends Managed_DataObject
      *
      * @param string $in_url
      * @param boolean $discover true to attempt dereferencing the redirect if we don't know it already
-     * @return mixed one of:
+     * @return File_redirection
-     *         string - target URL, if this is a direct link or a known redirect
-     *         array - redirect info if this is an *unknown* redirect:
-     *              associative array with the following elements:
-     *                code: HTTP status code
-     *                redirects: count of redirects followed
-     *                url: URL string of final target
-     *                type (optional): MIME type from Content-Type header
-     *                size (optional): byte size from Content-Length header
-     *                time (optional): timestamp from Last-Modified header
      */
-    public function where($in_url, $discover=true) {
+    static function where($in_url, $discover=true) {
-        // let's see if we know this...
+        $redir = new File_redirection();
-        $a = File::getKV('url', $in_url);
+        $redir->url = $in_url;
+        $redir->urlhash = File::hashurl($redir->url);
+        $redir->redirections = 0;
 
-        if (!empty($a)) {
+        try {
-            // this is a direct link to $a->url
+            $r = File_redirection::getByUrl($in_url);
-            return $a->url;
+            if($r instanceof File_redirection) {
-        } else {
+				try {
-            $b = File_redirection::getKV('url', $in_url);
+					$f = File::getKV('id',$r->file_id);
-            if (!empty($b)) {
+					$r->file = $f;
-                // this is a redirect to $b->file_id
+					$r->redir_url = $f->url;
-                $a = File::getKV('id', $b->file_id);
+				} catch (NoResultException $e) {
-                return $a->url;
+					// Invalid entry, delete and run again
+					common_log(LOG_ERR, "Could not find File with id=".$r->file_id." referenced in File_redirection, deleting File redirection entry and creating new File and File_redirection entries.");					
+					$r->delete();
+					return self::where($in_url);
+				}
+                return $r;
+            }
+        } catch (NoResultException $e) {
+            try {
+                $f = File::getByUrl($in_url);
+                $redir->file_id = $f->id;
+                $redir->file = $f;
+                return $redir;
+            } catch (NoResultException $e) {                    
+                // Oh well, let's keep going
             }
         }
 
         if ($discover) {    
-            $ret = File_redirection::lookupWhere($in_url);
+            $redir_info = File_redirection::lookupWhere($in_url);
-            return $ret;
+            if(is_string($redir_info)) {
-        } else {
+                $redir_info = array('url' => $redir_info);
-            // No manual dereferencing; leave the unknown URL as is.
-            return $in_url;
             }
+			
+			// Save the file if we don't have it already
+			$redir->file = File::saveNew($redir_info,$redir_info['url']);
+			 
+			// If this is a redirection, save it
+			// (if it hasn't been saved yet by some other process while we we
+			// were running lookupWhere())			
+            if($redir_info['url'] != $in_url) {
+				try {
+					$file_redir = File_redirection::getByUrl($in_url);
+				} catch (NoResultException $e) {
+					$file_redir = new File_redirection();
+					$file_redir->urlhash = File::hashurl($in_url);
+					$file_redir->url = $in_url;
+					$file_redir->file_id = $redir->file->getID();
+					$file_redir->insert();
+					$file_redir->redir_url = $redir->file->url;					
+				}		
+
+				$file_redir->file = $redir->file;		
+				return $file_redir; 
+            } 
+        }
+
+        return $redir;
     }
 
     /**
@@ -198,7 +242,7 @@ class File_redirection extends Managed_DataObject
      * @param User $user whose shortening options to use; defaults to the current web session user
      * @return string
      */
-    function makeShort($long_url, $user=null)
+    static function makeShort($long_url, $user=null)
     {
         $canon = File_redirection::_canonUrl($long_url);
 
@@ -206,11 +250,7 @@ class File_redirection extends Managed_DataObject
 
         // Did we get one? Is it shorter?
 
-        if (!empty($short_url)) {
+        return !empty($short_url) ? $short_url : $long_url;
-            return $short_url;
-        } else {
-            return $long_url;
-        }
     }
 
     /**
@@ -227,55 +267,37 @@ class File_redirection extends Managed_DataObject
      * @return string
      */
 
-    function forceShort($long_url, $user)
+    static function forceShort($long_url, $user)
     {
         $canon = File_redirection::_canonUrl($long_url);
 
         $short_url = File_redirection::_userMakeShort($canon, $user, true);
 
         // Did we get one? Is it shorter?
-        if (!empty($short_url)) {
+        return !empty($short_url) ? $short_url : $long_url;
-            return $short_url;
-        } else {
-            return $long_url;
-        }
     }
 
-    function _userMakeShort($long_url, User $user=null, $force = false) {
+    static function _userMakeShort($long_url, User $user=null, $force = false) {
         $short_url = common_shorten_url($long_url, $user, $force);
         if (!empty($short_url) && $short_url != $long_url) {
             $short_url = (string)$short_url;
             // store it
-            $file = File::getKV('url', $long_url);
+            try {
-            if ($file instanceof File) {
+                $file = File::getByUrl($long_url);
-                $file_id = $file->id;
+            } catch (NoResultException $e) {
-            } else {
                 // Check if the target URL is itself a redirect...
-                $redir_data = File_redirection::where($long_url);
+                // This should already have happened in processNew in common_shorten_url()
-                if (is_array($redir_data)) {
+                $redir = File_redirection::where($long_url);
-                    // We haven't seen the target URL before.
+                $file = $redir->file;
-                    // Save file and embedding data about it!
-                    $file = File::saveNew($redir_data, $long_url);
-                    $file_id = $file->id;
-                } else if (is_string($redir_data)) {
-                    // The file is a known redirect target.
-                    $file = File::getKV('url', $redir_data);
-                    if (empty($file)) {
-                        // @fixme should we save a new one?
-                        // this case was triggering sometimes for redirects
-                        // with unresolvable targets; found while fixing
-                        // "can't linkify" bugs with shortened links to
-                        // SSL sites with cert issues.
-                        return null;
             }
-                    $file_id = $file->id;
+            // Now we definitely have a File object in $file
-                }
+            try {
-            }
+                $file_redir = File_redirection::getByUrl($short_url);
-            $file_redir = File_redirection::getKV('url', $short_url);
+            } catch (NoResultException $e) {
-            if (!$file_redir instanceof File_redirection) {
+                $file_redir = new File_redirection();
-                $file_redir = new File_redirection;
+                $file_redir->urlhash = File::hashurl($short_url);
                 $file_redir->url = $short_url;
-                $file_redir->file_id = $file_id;
+                $file_redir->file_id = $file->getID();
                 $file_redir->insert();
             }
             return $short_url;
@@ -295,7 +317,7 @@ class File_redirection extends Managed_DataObject
      * @param string $default_scheme if given a bare link; defaults to 'http://'
      * @return string
      */
-    function _canonUrl($in_url, $default_scheme = 'http://') {
+    static function _canonUrl($in_url, $default_scheme = 'http://') {
         if (empty($in_url)) return false;
         $out_url = $in_url;
         $p = parse_url($out_url);
@@ -307,6 +329,8 @@ class File_redirection extends Managed_DataObject
                 $out_url = str_replace('.-()', '', $out_url);
                 break;
 
+            // non-HTTP schemes, so no redirects
+            case 'bitcoin':
             case 'mailto':
             case 'aim':
             case 'jabber':
@@ -314,6 +338,16 @@ class File_redirection extends Managed_DataObject
                 // don't touch anything
                 break;
 
+            // URLs without domain name, so no redirects
+            case 'magnet':
+                // don't touch anything
+                break;
+
+            // URLs with coordinates, not browsable domain names
+            case 'geo':
+                // don't touch anything
+                break;
+
             default:
                 $out_url = $default_scheme . ltrim($out_url, '/');
                 $p = parse_url($out_url);
@@ -332,12 +366,63 @@ class File_redirection extends Managed_DataObject
         return $out_url;
     }
 
-    function saveNew($data, $file_id, $url) {
+    static function saveNew($data, $file_id, $url) {
         $file_redir = new File_redirection;
+        $file_redir->urlhash = File::hashurl($url);
         $file_redir->url = $url;
         $file_redir->file_id = $file_id;
         $file_redir->redirections = intval($data['redirects']);
         $file_redir->httpcode = intval($data['code']);
         $file_redir->insert();
     }
+
+    static public function beforeSchemaUpdate()
+    {
+        $table = strtolower(get_called_class());
+        $schema = Schema::get();
+        $schemadef = $schema->getTableDef($table);
+
+        // 2015-02-19 We have to upgrade our table definitions to have the urlhash field populated
+        if (isset($schemadef['fields']['urlhash']) && in_array('urlhash', $schemadef['primary key'])) {
+            // We already have the urlhash field, so no need to migrate it.
+            return;
+        }
+        echo "\nFound old $table table, upgrading it to contain 'urlhash' field...";
+        // We have to create a urlhash that is _not_ the primary key,
+        // transfer data and THEN run checkSchema
+        $schemadef['fields']['urlhash'] = array (
+                                              'type' => 'varchar',
+                                              'length' => 64,
+                                              'not null' => true,
+                                              'description' => 'sha256 hash of the URL',
+                                            );
+        $schemadef['fields']['url'] = array (
+                                              'type' => 'text',
+                                              'description' => 'short URL (or any other kind of redirect) for file (id)',
+                                            );
+        unset($schemadef['primary key']);
+        $schema->ensureTable($table, $schemadef);
+        echo "DONE.\n";
+
+        $classname = ucfirst($table);
+        $tablefix = new $classname;
+        // urlhash is hash('sha256', $url) in the File table
+        echo "Updating urlhash fields in $table table...";
+        // Maybe very MySQL specific :(
+        $tablefix->query(sprintf('UPDATE %1$s SET %2$s=%3$s;',
+                            $schema->quoteIdentifier($table),
+                            'urlhash',
+                            // The line below is "result of sha256 on column `url`"
+                            'SHA2(url, 256)'));
+        echo "DONE.\n";
+        echo "Resuming core schema upgrade...";
+    }
+
+    public function getFile() {
+        if(empty($this->file) && $this->file_id) {
+            $this->file = File::getKV('id', $this->file_id);
+        }
+
+        return $this->file;
+    }
 }